70-640 Test King

Microsoft 70-640
70-640 TS: Windows Server 2008 Active Directory, Configuring
Practice Test
Version 20.0
Microsoft 70-640: Practice Exam QUESTION NO: 1 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The TestKing.com network currently has two Active Directory-integrated zones: TestKing.com and Weyland.com. During the course of the day you receive instruction from TestKing.com to ensure that Rory Allen from the Paris office Weyland.com zone is allowed to modify records in the TestKing.com zone. TestKing.com additionally wants you to prevent Rory Allen from modifying the SOA record in the TestKing.com zone. What should you do? A. You should consider having the permission of the Weyland.com zone modified by accessing the DNS Manager Console. B. You should consider having the Domain Controllers organizational unit modified by accessing the Active Directory Users and Computers console. C. You should consider having the permissions of the TestKing.com zone modified by accessing the DNS Manager Console. D. You should consider having the user permissions on TestKing.com modified to include all the users. You should then have Rory Allen's permissions on TestKing.com configured to allow only the administrators group to modify the records. Answer: C
Explanation: In the scenario you should set the permissions of TestKing.com using DNS Manager Console which would allow you to prevent users from modifying the SOA record in the TestKing.com zone. You set permissions for network users to modify records in TestKing.com but setting permissions on the Active Directory-integrated zone would prevent users from modifying anything else on other zones.
QUESTION NO: 2 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 and TESTKING-SR02 configured as DNS servers. "Welcome to Certification's Main Event" - www.test-king.com 2
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam During the course of the day you are informed that only one Active-Directory integrated zone has been configured in the domain. TestKing.com has requested that you start removing the outdated DNS records from the DNS zone automatically. What should you do? A. You should consider having the netsh/Reset DNS command run from the Command prompt. B. You should consider having the zone properties accessed and enable Scavenging. C. You should consider having the zone propertied accessed to modify the TTL of the SOA record. D. You should consider having the zone properties accessed to disable updates. Answer: B Explanation: In the scenario you should enable scavenging through the zone properties because scavenging removes the outdated DNS records from the DNS zone automatically. You should additionally note that patience would be required when enabling scavenging as there are some safety valves built into scavenging which takes long to pop. Reference: http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088a6bbce0a4304&ID=211
QUESTION NO: 3
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 and TESTKING-SR02 that is configured as DNS servers. TestKing.com currently has the Standard Primary zone for TestKing.com on TESTKING-SR01 and the Standard Secondary zone for TestKing.com on TESTKING-SR02. During the course of the day you receive instruction from TestKing.com to make sure that the replication of the TestKing.com zone is encrypted without the loss of zone data. What should you do? A. You should consider having the interface changed where the DNS server listens on both servers. B. You should consider having the zone transfer settings configured on the standard secondary zone. "Welcome to Certification's Main Event" - www.test-king.com 3
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam You should then have the Schema master servers lists modified on the primary zone. C. You should consider having a stub zone. You should then have the secondary zone deleted. D. You should consider having the primary zone converted to active directory zone. You should then have the secondary zone deleted. Answer: D Explanation: In the scenario you should have the TestKing.com primary zone converted to an active directoryintegrated zone and delete the secondary zone as this would ensure replication of the TestKing.com zone is encrypted whilst preventing data loss.
QUESTION NO: 4 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently has the London and Paris office connected via a WAN link. TestKing.com additionally makes use of a computer in the London office named TESTKING-SR01 configured as the DNS server hosting a standard primary zone. During the course of the day you receive instruction from TestKing.com to install a computer named TESTKING-SR02 in the Paris office configured as a DNS server. TestKing.com additionally wants you to ensure that the DNS service on TESTKING-SR02 in the Paris office is able to update records and resolve queries in the event of a WAN link failure. What should you do?
A. You should consider having TestKing.com converted to an Active Directory-integrated zone on TESTKING-SR01. B. You should consider having a new stub zone configured on TESTKING-SR01. You should then set the forwarding option to TESTKING-SR02. C. You should consider having DNS on TESTKING-SR01 configured to forward request to TESTKING-SR02. D. You should consider having a secondary zone added on TESTKING-SR02 named testking.com. Answer: A Explanation:
"Welcome to Certification's Main Event" - www.test-king.com
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam In the scenario you should ensure that TESTKING-SR01's DNS service is able to update and resolve DNS queries if the WAN link fails. In addition you should have the mask converted to an Active Directory-integrated zone on TESTKING-SR01 as this eliminates the need for primary and secondary name servers as fault tolerance is built into Active Directory which in addition is a bonus when using dynamic DNS. Reference: http://safari.adobepress.com/9780596514112/active_directory-integrated_zones
QUESTION NO: 5 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 configured as a DNS server configured with seven Active Directory Integrated Zones. During the course of the day you receive instruction from TestKing.com to provide copies of the zone files of TESTKING-SR01 to the security audit group for auditing purposes. What should you do?
Answer: A
QUESTION NO: 6 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 configured as the network DNS server. During the course of the day you receive instruction from TestKing.com to "Welcome to Certification's Main Event" - www.test-king.com 5
Te
A. You should consider having the dnscmd/ZoneInfo command executed at the command prompt. B. You should consider having the dnscmd/ZoneOutput command executed at the command prompt. C. You should consider having the ntdsutil > Partition Management > Display command executed at the command prompt. D. You should consider having the ipconfig/registerdns command executed at the command prompt.
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam install the DNS server role on a member server in the Paris office named TESTKING-SR02 whilst creating a standard secondary zone for TestKing.com on TESTKING-SR02. TestKing.com has additionally requested that you configure TESTKING-SR01 as the master server for the zone whilst ensuring that TESTKING-SR02 is able to obtain zone updates from TESTKING-SR01. What should you do? A. You should consider having the TESTKING-SR01 computer account added to the DNSUpdateProxy group. B. You should consider having the permission on TESTKING-SR01 modified for the TestKing.com zone. C. You should consider having TestKing.com added as a conditional forwarder. D. You should consider having the zone transfer settings on TESTKING-SR01 modified for the TestKing.com zone. Answer: D
QUESTION NO: 7
What should you do?
A. You should consider having a NS record added in the TestKing.com.com zone B. You should consider having a secondary zone created on a Global catalog server. C. You should consider having a delegation created in the TestKing.com zone. D. You should consider having the properties of SOA record changed in the uk.TestKing.com zone. Answer: C
QUESTION NO: 8
Te
During the course of the day you receive instruction from TestKing.com to add a domain controller named TESTKING-SR01 with a standard primary zone for uk.TestKing.com. TestKing.com has additionally requested all company domain controllers be configured appropriately to resolve names for uk.TestKing.com.
st-
Ki
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The current TestKing.com DNS zone is stored on the ForestDnsZones Active directory partition.
ng
.co
Microsoft 70-640: Practice Exam You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 configured as a DNS server running a standard primary zone. During the course of the day you receive instruction from TestKing.com to setup a strategy which allows the TestKing.com DNS server to hold the same database whilst ensuring that secure DNS dynamic updates are used for all clients. TestKing.com wants you to decide on which DNS strategy type to use. What should you do? (Choose two) A. You should consider having all servers configured as primary servers. You should then have replication configured. B. You should consider having all network servers upgraded to Active Directory Integrated servers. C. You should consider having a server upgraded as a primary master. You should then have the rest of the servers configured as secondary zones. D. You should consider having a server upgraded as a primary master. You should then have the rest of the servers configured as stub zones. Answer: B,D
QUESTION NO: 9 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive reports from TestKing.com that they are experiencing problems with a computer named TESTKING-SR01 which is configured as a DNS server. TestKing.com wants you to determine whether the correct host name is used whilst testing DNS on the local system to establish the host name 'TESTKING-SR01' is resolved to the IP address "Welcome to Certification's Main Event" - www.test-king.com 7
Te
Explanation: In the scenario you should have the DNS server upgraded to Active Directory-integrated zones which would permit the DNS servers to share an identical Active Directory database. You should additionally note that Active Directory-integrated zones support secure dynamic updates. You should also note that when the TTL is to minute that the load on the DNS servers would be increased.
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam 137.134.12.33. TestKing.com wants you to provide a solution to the problem at hand. What should you do? A. You should consider having an MX record added to the local DNS server. B. You should consider having an MX record added to the local WINS server. C. You should consider having a DNS server added to the local subnet. D. You should consider having the host name mapped to "TESTKING-SR01 and add the IP address 137.134.12.33 in the local systems HOSTS file. Answer: D Explanation: Your best option to select in this scenario would be Option D. The HOSTS file is a text file-based database of mappings amid hostnames and IP addresses. It performs similar to a file based version of DNS and resolves a hostname to an IP address.
QUESTION NO: 10
What would your reply be?
A. You should inform TestKing.com that TESTKING-SR01 would only be able to host Secondary DNS. B. You should inform TestKing.com that TESTKING-SR01 would only be able to host stub DNS. C. You should inform TestKing.com that TESTKING-SR01 would only be able to host Primary DNS with Active Directory integration. D. You should inform TestKing.com that TESTKING-SR01 would only be able to host Read-only DNS. Answer: D Explanation:
Te
TestKing.com currently makes use of a computer named TESTKING-SR01 configured as a ReadOnly Domain Controller (RODC) server running DNS. During the course of the day you receive instruction from TestKing.com to determine which types of DNS zones are available on TESTKING-SR01.
st-
Ki
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista.
ng
.co
Microsoft 70-640: Practice Exam In the scenario you should note that installing DNS on a Read-Only Domain Controller (RODC) server that the copy of DNS would be a read-only copy. You should additionally note that the use of the read-only DNS zone does not permit making use of dynamic updates. Additionally an advantage of read-only DNS zones is that they can be placed in a non-secure location.
QUESTION NO: 11 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 in the London office which has the DNS service role installed. During the course of the day you are informed by TestKing.com that non-domain members are able to dynamically register DNS records. TestKing.com has recently requested that you ensure that only the domain controllers of TestKing.com are able to dynamically register their DNS registration information. What should you do?
Answer: C
Explanation: In order to ensure that only domain members are able to register their DNS records dynamically you need to set the option Secure only for Dynamic updates. This will only allow the domain members to register their DNS records dynamically. Reference : www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_afpf.mspx
QUESTION NO: 12 You are employed as the enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All domain controllers at TestKing.com are configured to run Windows Server 2003. "Welcome to Certification's Main Event" - www.test-king.com 9
Te
st-
A. You should consider ensuring that the zone transfers are enabled to Name Servers B. You should consider ensuring that the Authenticated Users group is removed C. You should consider ensuring that the dynamic updates are set to Secure Only. D. You should consider ensuring that the Everyone group is denied the Create All Child Objects permission.
Ki
ng
.co
Microsoft 70-640: Practice Exam You have received instruction from management to install Windows Server 2008 on a server. You decide to add the Windows Server 2008 server as a domain controller to the TestKing.com domain. You need to identify the first step that needs to be performed. What should you identify? A. You should consider running the rundcpromo /createdcaccount command on the Windows Server 2008 domain controller. B. You should consider running the adprep /forestprep command on a domain controller. C. You should consider running the runadprep /rodcprep command on a domain controller. D. You should consider running the rundcpromo /adv command on the Windows Server 2008 domain controller. Answer: B
QUESTION NO: 13
During the course of the day you receive complaints from network users who have TESTKINGSR02 configured as their preferred DNS server are unable to access the Internet. TestKing.com wants you to ensure that the network users are able to access the Internet by enabling Internet name resolutions for all client computers. What should you do? A. You should consider having the .(root) zone updated on TESTKING-SR02 server. B. You should consider having TESTKING-SR01 configured to have a .(root) zone. C. You should consider having the .(root) zone deleted from the TESTKING-SR02 DNS server. D. You should consider having the DNS cache on TESTKING-SR02 deleted. E. You should consider having TESTKING-SR01 DNS server reconfigured and connect it to the domain.
Te
st-
Ki
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 and TESTKING-SR02 configured as DNS servers. The configuration of TESTKING-SR01 and TESTKING-SR02 is shown below:
ng
.co
10
Microsoft 70-640: Practice Exam Answer: C Explanation: In this scenario, you should delete the .(root) zone on TestKing2 server. The .(root) zone is creating a problem. Windows Server 2008 follows specific steps for host name resolution. The server checks its zone records after querying its cache. After that, the DNS server sends requests to the forwarders and then tries resolution by using root servers. The TestKing2 server contains a root zone by default. This disables the DNS forwarding option and the DNS cannot act as a forwarder. To enable DNS forwarding, you have to delete the root zone. To delete the root zone you can either use the DNS snap-in or the dnscmd.exe command-line utility. You can use dnscmd /zonedelete parameter and specify the name of the DNS zone that you want to delete.
QUESTION NO: 14 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 which has the DNS server role installed. TestKing.com currently has TESTKING-SR01 configured with a single network interface named KingAreaNetwork. During the course of the day you determine that the static IP address of the network interface is 192.168.1.100. TestKing.com recently requested that you create a DNS zone named local.TestKing.com on TESTKING-SR01. What should you do?
A. You should consider having the dnscmd TESTKING-SR01/ZoneAdd local.TestKing.com/DSPrimary command run from the command prompt. B. You should consider having the dnscmd TESTKING-SR01/ZoneAdd local.TestKing.com/Primary /file local.TestKing.com.dns command run from the command prompt. C. You should consider having the ipconfig /registerdns:local.TestKing.com command run from the command prompt. D. You should consider having the netsh interface ipv4 set dnsserver name=local.TestKing.com static 192.168.1.100 primary command run from the command prompt. Answer: B Explanation: In the scenario you should make use of the dnscmd TESTKING-SR01/ZoneAdd local.TestKing.com/Primary /file local.TestKing.com.dns command to create the zone named local.TestKing.com on TESTKING-SR01. "Welcome to Certification's Main Event" - www.test-king.com 11
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam You should additionally note that the DNS command used to add a zone uses the syntax bellow: dnscmd [ ServerName ] /zoneadd ZoneName ZoneType [ /dp FQDN |{ /domain | /enterprise | /legacy }] You should also note that the ServerName specifies where you specify the DNS server and ZoneName specifies the name of the zone and ZoneType would specify the type of zone to create which all requires different parameters to be used. Reference : Dnscmd Syntax http://technet2.microsoft.com/windowsserver/en/library/d652a163-279f-4047-b3e00c468a4d69f31033.mspx?mfr=true
QUESTION NO: 15 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 in the London office as the network DNS server. TestKing.com currently has the network configured with each office containing a file server used to access and store files. During the course of the day you receive complaints from network users complaining about the long wait when connecting to network resources. You later checked the WAN bandwidth and discovered no problems. TestKing.com requested that you ensure the network users are able to access resources quickly as possible. What should you do? (Choose two)
A. You should consider having a DNS server installed in the Paris office. B. You should consider having a secondary zone configured in the Paris office. You should then ensure the secondary zone used the London office DNS server as a master. C. You should consider having forwarders configured in the Paris office. You should then configure the Paris office DNS server to point to the DNS server in the London office. D. You should consider having the Paris office configured with a standard primary zone. Answer: A,B Explanation: In the scenario you should have a DNS server installed in the Paris office with a separate zone for the office as a single zone can become overburdened consuming the bandwidth and we should ensure that the network users receive access to resources as quickly as possible.
Te
st-
Ki
ng
.co
12
Microsoft 70-640: Practice Exam The Paris office should be configured with a secondary zone which uses the London office DNS server as a master. You should then consider having copies of the zone file distributed among several name servers to ensure quick access to network resources. You should finally know that changes made to the primary zone are replicated to the secondary zone which is known as a zone transfer. You should also not confuse that a name server is necessarily the primary or secondary server because a DNS server might host the primary zone for a specific portion of the Organization name space and a secondary for another name space. You should then note that you would not be able to have forwarders set in the Paris office which means you would not be able to resolve names outside your own network. Reference : Getting Started With Microsoft DNS Server Primary and Secondary Zones http://www.microsoft.com/technet/archive/winntas/plan/dns0197.mspx?mfr=true Reference : Understanding forwarders http://technet2.microsoft.com/windowsserver/en/library/a3cf0184-0594-4e78-8247609f038434381033.mspx?mfr=true
QUESTION NO: 16
TestKing.com recently partnered with Weyland Industries which has an Active Directory Forest containing a single domain named Weyland.com. The Weyland.com domain additionally has an Active Directory Integrated DNS zone named Weyland.com. During the course of the day you receive instruction from TestKing.com to change the IP addresses of the Weyland.com DNS servers whilst ensuring name resolution for the TestKing.com users to the resources at Weyland.com. What should you do? A. You should consider having an application directory partition configured in the TestKing.com forest which enlists all DNS servers in the TestKing.com forest in the partition. B. You should consider having an application directory partition configured in the Weyland.com forest which enlists all DNS server in the TestKing.com forest in the partition. C. You should consider having a stub zone created for Weyland.com on TESTKING-SR01 at TestKing.com. "Welcome to Certification's Main Event" - www.test-king.com 13
Te
st-
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 configured as the network DNS server hosting the Active Directory integrated DNS zone.
Ki
ng
.co
Microsoft 70-640: Practice Exam D. You should consider having the Zone Replication Scope for Weyland.com configured to replicate to all DNS servers in the TestKing.com forest in the partition. Answer: C Explanation: In the scenario you should consider having a stub zone created to ensure that the TestKing.com users are able to access resources in Weyland.com. You should additionally note that stub zones were introduced in Windows Server 2003 DNS which can be used to streamline name resolution especially in a split name scenario. You should additionally note that a stub zone is actually a copy of a zone containing only resource records requires to identify authoritative Domain Name System (DNS) server for the specific zone. The use of a stub zone is to resolve name resolution requests between separate DNS namespaces. Reference : DNS Stub Zones in Windows Server 2003 http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html
TestKing.com as additionally configured the servers in both offices to have Active Directoryintegrated DNS zones configured. During the course of the day you receive instruction from TestKing.com to ensure that all the client computers are configured to use their local DNS servers for name resolution whilst ensuring that the changes are immediately reflected at the Paris office DNS server when you change the IP address of TESTKING-SR01 in the London office. What should you do? A. You should consider having the standard domain controllers used at the Paris office instead of ththe Read-Only Domain Controller (RODC) server. B. You should consider having the Minimum (default) TTL option decreased to 15 minutes on the Start of Authority (SOA) record for the zone. C. You should consider having the dnscmd /ZoneUpdateFromDs command run at the command prompt on a domain controller in the London office "Welcome to Certification's Main Event" - www.test-king.com 14
Te
st-
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 in the London office and TESTKING-SR02 in the Paris office both servers configured as Read-Only Domain Controllers (RODC) running DNS.
Ki
ng
QUESTION NO: 17
.co
Microsoft 70-640: Practice Exam D. You should consider having the dnscmd /ZoneUpdateFromDs command run at the command prompt on the Paris office servers. Answer: D Explanation: In order to reflect the change immediately, you need to run the dnscmd /ZoneUpdateFromDs command on the branch office servers. This command updates the specified ActiveDirectoryintegrated zone from ADDS. Reference : dnscmd /zoneupdatefromds http://technet2.microsoft.com/windowsserver2008/en/library/e7f31cb5-a426-4e25-b71488712b8defd51033.mspx?mfr=true
QUESTION NO: 18 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently has the Paris office DNS server hosting a standard secondary zone configured to have the London office DNS servers as their Master servers. During the course of the day you receive instruction from TestKing.com to add an additional computer named TESTKING-SR03 to the newly acquired Toronto office. You have later installed and configured DNS service and configured a secondary zone on TESTKING-SR03 for the domain. Whilst performing your routine maintenance you discovered that the zone transfer has failed on TESTKING-SR03. TestKing.com wants you to configure DNS to provide zone data to the DNS server TESTKING-SR03 in the Toronto office. What should you do? A. You should consider having TESTKING-SR03 added to the DNSUpdateProxy Global security group in Active Directory Users and Computers. B. You should consider having dnscmd /ZoneResetMasters command run at the command prompt. C. You should consider having the Zone Transfers tab opened on one of the DNS servers in the London office. You should then have TESTKING-SR03 added to the list.
Te
st-
Ki
ng
.co
15
Microsoft 70-640: Practice Exam D. You should consider having the dnscmd /ZoneResetSecondaries command run at the command prompt. Answer: C Explanation: In the scenario you should consider having a new DNS server added via the Zone Transfers tab on the DNS Server in the London office to configure the DNS zone to provide zone data to the DNS servers in the Paris office. You should additionally note that the DNS servers in the London office can be configured as Active Directory-integrated zones which would have the London office DNS server configured as primary name servers. You should then additionally remember that you would be required to click the 'Records' button in the main window when enabling zone transfers for a single zone in addition to right clicking the zone you ish to enable zone transfers and selecting the 'Properties' option from the popup menu in the "Zone Properties" tab when specifying which IP addresses are allowed fir zone transfers. Reference : 4.8. Active Directory-Integrated Zones http://safari.adobepress.com/9780596514112/active_directory-integrated_zones Reference : Enabling Zone Transfers from another DNS server http://www.simpledns.com/kb.aspx?kbid=1156
QUESTION NO: 19
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com and a public name space uk.TestKing.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the business day you receive instruction from TestKing.com to ensure that the public DNS records are not copied without impacting the functionality of public DNS name resolution requests. What should you do? A. You should consider having the All domain controllers in the domain zone replication option enabled on TestKing.com. B. You should consider having the Notify feature deselected for the uk.TestKing.com zone. C. You should consider having the Allow - Read permission disabled in the Everyone group on the uk.TestKing.com DNS domain. D. You should consider having the Allow zone transfers only to servers listed on the Name Servers option enabled on uk.TestKing.com "Welcome to Certification's Main Event" - www.test-king.com 16
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam Answer: D Explanation: In the scenario you should consider having the public zone configured to Allow zone transfers only to servers listed on the Names Servers option on TestKing.com which would ensure that public DNS zone records are able to be copied without impacting the functionality of the public DNS servers. You should additionally note that using only the allowed server listed that you are restricting zone transfers to only known servers listed in the Name Servers resource option on TestKing.com. Reference : DNS Zones http://books.google.co.in/books?id=pL89TOMFcHsC&pg=RA1-PA244&lpg=RA1PA244&dq=Allow+zone+transfers+only+to+servers+listed+on+the+Name+Servers+option+&sourc e=web&ots=StFz29rSf5&sig=0wRSARkgYxCy2ohweQs4QUDMqEQ&hl=en#PRA1-PA243,M1
QUESTION NO: 20
During the course of the day you receive complaints from client computers on the external network that they are unable to send e-mail messages to the TestKing.com network. Whilst doing routine maintenance you discover that a host (A) DNS record exists for TESTKING-SR02 on the external computers. TestKing.com wants you to ensure that TESTKING-SR02 is configured correctly to receive e-mail messages. What should you do? A. You should consider having a Service Location (SRV) record added for TESTKING-SR02. You should then set the Service field to _smtp and the Protocol field to _tcp using Port Number 25. B. You should consider having a Canonical (CNAME) record added which maps TESTKING-SR02 to TestKing.com. C. You should consider having a Mail Exchanger (MX) record added for TESTKING-SR02. D. You should consider having a Mailboc (MB) record added for TESTKING-SR02. You should then set the Mailbox Host setting to TESTKING-SR02.
Te
st-
Ki
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 that is configured as the network public DNS server. TestKing.com additionally uses a computer named TESTKING-SR02 configured as an e-mail server.
ng
.co
17
Microsoft 70-640: Practice Exam Answer: C Explanation: In the scenario you should consider having a Mail Exchanger (MX) record added for TESTKINGSR02 to ensure that TESTKING-SR02 is to receive e-mail from external client computers. You should additionally note that the MX record controls the way e-mail is delivered and are particularly used to locate the receiving mail servers for a given host with the order of priority of these mail servers. You should also remember that non-RFX-compliant server fail to deliver e-mail for domain which lack MX records which includes certain versions of Microsoft Exchange. In the scenario you are aware that host (A) DNS records are available to the external client computers soo configuring the Mail Exchanger record for TESTKING-SR02 defines the destination host record for the mail server. You should finally note that the destination mail server record uses the host (A record not a CNMAE or IP address. Reference : E-mail, Mail Exchangers, and DNS http://www.dyndns.com/support/kb/email_mail_exchangers_and_dns.html
QUESTION NO: 21
During the course of the day you receive instruction from TestKing.com to install DNS on a member server in the Paris office named TESTKING-SR02 which meets the requirements set below:TESTKING-SR02 should be able to query the London office DNS servers.TESTKING-SR02 should be configured to ensure a limited number of DNS records would be transferred to TESTKING-SR02 in the Paris office. What should you do? A. You should consider having TESTKING-SR02 configured with a secondary zone. B. You should consider having TESTKING-SR02 installed in the Paris office. You should then configure a stub zone in the London office. C. You should consider having TESTKING-SR02 configured with a primary zone. D. You should consider having TESTKING-SR02 configured with a stub zone. Answer: D
Te
st-
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The TestKing.com network currently contains multiple DNS servers in the London office.
Ki
ng
.co
18
Microsoft 70-640: Practice Exam Explanation: You should consider having a DNS server install in the Paris office configured as a stub zone which would ensure that the DNS server in the Paris office is able to query any DNS server in the London office ensuring that only a limited number of DNS records are transferred to the DNS server in the Paris office. You should note that the stub zone is a copy of a zone containing only the resource records required to identify authoritative name server for the zone. You should be aware that a stub zone keeps a DNS server hosting a parent zone aware of the authoritative DNS servers for its child zone. You should additionally note that the stub zone would only contain a copy of the SOA and NS records for the name servers authoritative for the for the zone and no CNAME records, MX records or SRV records for the other hosts in the zone. Reference : DNS Server Role http://technet2.microsoft.com/windowsserver2008/en/library/533a1cfc-5173-4248-914c433bd018f66d1033.mspx?mfr=true Reference : What is Stub zone in DNS/ What Stub Zones Do http://caloni00net.blog.dada.net/post/439393/What+is+Stub+zone+in+DNS
QUESTION NO: 22
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The London and Paris office are connected via a WAN link. TestKing.com currently makes use of a computer named TESTKING-SR01 configured as a DNS server hosting the Active Directory Integrated zone and TESTKING-SR02 in the Paris office configured as a DNS server hosting the secondary zone for TestKing.com. TestKing.com has recently requested that you configure TESTKING-SR02 to have TESTKING-SR01 as the DNS Master server for the zone whilst minimizing the DNS zone transfer traffic over the WAN link. What should you do? A. You should consider having the refresh interval setting increased in the Start of Authority (SOA) record for the zone. B. You should consider having the refresh interval setting decreased in the Start of Authority (SOA) record for the zone. "Welcome to Certification's Main Event" - www.test-king.com 19
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam C. You should consider having the Retry Interval setting decreased in the Start of Authority (SOA) record for the zone. D. You should consider having the netmask ordering option disabled in the properties of TESTKING-SR01. Answer: A Explanation: In the scenario you should consider having the Refresh Interval setting increased in the Start Of Authority record for the zone to have DNS zone transfer traffic minimized over the WAN link. You should additionally note that the Refresh Interval is responsible for informing the secondary name server when to poll the primary names server and how often to check for a serial number change. You should also be aware that the Refresh Interval effects how long DNS changes made on the Primary server takes to propagate which means the configurations made would ensure that zone transfers occur less frequently. Reference : DNS Resource Records/ SOA Record Data Fields http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094727.shtml#t opic2
QUESTION NO: 23
TestKing.com currently makes use of a computer named TESTKING-SR01 which has the DNS server role installed. During the course of the day whilst performing routine maintenance you discovered a few stale resource records in the TestKing.com zone. You later decided to enable scavenging on TESTKING-SR01 to get rid of the stale records. A month later you during your security maintenance you discover that the same stale records still exist. TestKing.com wants you to ensure that the stale records are removed from the TestKing.com zone. What should you do? A. You should consider having the dnscmd TESTKING-SR01 /AgeAllRecords command run at the command prompt. B. You should consider having the DNS service on TESTKING-SR01 stopped and restarted. C. You should consider having the dnscmd TESTKING-SR01 /StartScavenging command run at the command prompt. "Welcome to Certification's Main Event" - www.test-king.com 20
Te
st-
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista.
Ki
ng
.co
Microsoft 70-640: Practice Exam D. You should consider having scavenging enabled on the TestKing.com zone. Answer: D Explanation: You again noticed the same stale resource records still lay TestKing.com even after enabled DNS scavenging on TESTKING-SR01 because the TESTKING-SR01 may not have TestKing.com zone integrated with ADDS and loaded at the server. To ensure that the stale resource records are removed from na.TestKing.com, you need to enable DNS scavenging on the TestKing.com zone. The aging and scavenging can be configured for specified zones on the DNS server to make sure that the stale records are removed from the specified zone. Reference : Enable Aging and Scavenging for DNS http://technet2.microsoft.com/windowsserver2008/en/library/7972082c-22a1-44fc-8e39841f7327b6051033.mspx?mfr=true
QUESTION NO: 24
During the course of the day you configure the client computer to use their respective office DNS servers for DNS name resolution. TestKing.com has recently requested that you change the IP address of TESTKING-SR03 a member server in the London office. TestKing.com wants you to ensure that TESTKING-SR02 reflects the changes immediately. What should you do? A. You should consider having the dnscmd /zonerefresh command run at the command prompt on TESTKING-SR02. B. You should consider having the dnscmd /zonerefresh command run at the command prompt on TESTKING-SR01. C. You should consider having the refresh interval ser to 10 minutes on the Start Of Authority (SOA) record.
Te
st-
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 which is configured as a DNS server hosting the DNS primary zone for TestKing.com and a computer named TESTKING-SR02 in the Paris office configured as a DNS server hosting the DNS secondary zone for TestKing.com.
Ki
ng
.co
21
Microsoft 70-640: Practice Exam D. You should consider having the DNS Server service restarted on TESTKING-SR01. Answer: B Explanation: In order to ensure that TESTKING-SR02 reflects the change immediately you need to run the dnscmd command on TESTKING-SR01 and use the /zonerefresh option for the command The dnscmd /zonerefresh option will manually force zone replication on TESTKING-SR02 Reference : How can I easily administer DNS servers by using the command prompt? http://www.petri.co.il/dnscmd_command_in_windows_2000_2003.htm
QUESTION NO: 25 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 in the London office which has the DNS Server role installed. During the course of the day you receive instruction from TestKing.com to prepare the network for decommissioning the WINS service from the network. TestKing.com wants you to have forest-wide single name resolution. What should you do?
A. You should consider having a LegacyWINS zone created. You should then have host (A) records created for single name resources. B. You should consider having a GlobalNames zone created. You should then have host (A) records created for single name resources. C. You should consider having WINS-R lookup enabled in DNS. D. You should consider having Service Locator (SRV) records created for single name resources. Answer: B Explanation: In order to decommission the WINS service and to enable forest-wide single name resolution, you need to create an Active Directory-integrated zone named GlobalNames and create host (A) records for the single name resources. GNZ is intended to aid the retirement of WINS. Windows Server 2008 (WS2K8) introduces the GlobalNames zone (GNZ) where larger environments with multiple DNS suffixes can use a single "Welcome to Certification's Main Event" - www.test-king.com 22
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam name host across all domains. To help customers migrate to DNS for all name resolution, the DNS Server role in Windows Server 2008 supports a special GlobalNames Zone (also known as GNZ) feature. Some customers in particular require the ability to have the static, global records with single-label names that WINS currently provides. These single-label names typically refer to records for important, well-known and widely-used servers for the company, servers that are already assigned static IP addresses and are currently managed by IT-administrators using WINS. GNZ is designed to enable the resolution of these single-label, static, global names for servers using DNS. Reference : Understanding GlobalNames Zone in Windows Server 2008 http://www.petri.co.il/windows-DNS-globalnames-zone.htm
QUESTION NO: 26 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from TestKing.com do design a security solution for TestKing.com which is isolated from the Internet. TestKing.com has additionally requested that you determine the recommendations for DNS. What should you do? (Choose two)
A. You should consider having Active Directory integrated zones used on the network. B. You should consider having secondary zones used on the network. C. You should consider having a private DNS infrastructure used with internal root hint servers. D. You should consider having secure dynamic updates used on the network. Answer: A,C Explanation: In this scenario your best option would be to recommend the use of integrated Active Directory zones and a private DNS infrastructure with internal root hint servers. When the DNS infrastructure is isolated from the Internet you have to configure it with root hints. The root hints have to be pointed to the internal servers. The default Windows Server 2008 servers usually point to the Internet's root name servers. The Active Directory zones will supply you with extra security and fault tolerance. Recommending the use of secure dynamic updates is incorrect. Dynamic updates should not be "Welcome to Certification's Main Event" - www.test-king.com 23
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam permitted in secure environments. Recommending the use of secondary zones is incorrect. Secondary zones are less secure than Active Directory zones. Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008
QUESTION NO: 27 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from TestKing.com to prepare the TestKing.com network for the transition of DNS services to Active Directory Integrated zones whilst determining the key features. What should you do?
Answer: A
Explanation: Permissions permits secure dynamic updates. The replication of zone recordswill happens at the property level. These records are encrypted and compressed. The records of the integrated zones are kept in the AD directory services. The records are kept inactive Directory which is objects that the permissions are assigned to. Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008
Section 2, Configure DNS server settings (12 Question)
QUESTION NO: 28
Te
st-
A. You should consider having all the options below used. B. You should consider having Zone records kept as Active Directory objects. C. You should consider having Active Directory integrated zones stored in Active Directory. D. You should consider having dynamic updates allowed. E. You should consider having replication be more efficient and secure.
Ki
ng
.co
24
Microsoft 70-640: Practice Exam You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of two computer named TESTKING-DC01 and TESTKINGDC02 in the London office which have the DNS Server role installed. TestKing.com additionally deployed a computer named TESTKING-DC03 configured as a Readonly Domain Controller (RODC) which has the DNS Server role installed and configured with Active Directory-integrated zones. During the course of the day you receive instruction from TestKing.com to configure secure updates on the DNS servers whilst ensuring that TESTKINGDC03 is configured to accept dynamic DNS updates. What should you do? A. You should consider having TESTKING-DC03 the Read-only Domain Controller (RODC) reconfigured to allow dynamic updates. B. You should consider having the dnscmd/ZoneResetType command run at the command prompt on TESTKING-DC03. C. You should consider having an active partition created and configured on TESTKING-DC01 to store the Active Directory-integrated zones. D. You should consider having Active Directory Domain services uninstalled in TESTKING-DC03. You should then re-install Active Directory as a writeable domain controller. Answer: D
Explanation: In order to enable the dynamic DNS updates on TESTKING-DC03 you need uninstall the Active Directory Domain services on TESTKING-DC03. Thereafter you can reinstall it as a writeable domain controller. A writeable domain controller performs originating updates and outbound replication. Reference: http://msdn.microsoft.com/en-us/library/cc207937.aspx
QUESTION NO: 29 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 in the London office "Welcome to Certification's Main Event" - www.test-king.com 25
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam which has the DNS Server role installed with Active Directory-integrated zone configured for two sites containing four domain controllers each. A new company directive is received during the day that states that a new NS record needs to be added to the zone. Additionally TestKing.com informs you that the newly created NS record has to be received instantaneously by the domain controllers. What should you do? A. You should consider having a Start-Of Authority (SOA) record created in the DNS Manager console. B. You should consider having the DNS server service shutdown and restarted from the services snap-in. C. You should consider having the repadmin/syncall command executed at the command prompt. D. You should consider having the zone reloaded from the DNS Manager console. Answer: C
QUESTION NO: 30
During the course of the day you receive instruction from TestKing.com to install an additional DNS server named TESTKING-SR03 on the perimeter network. You have later decided to configure TESTKING-SR01 to forward all unresolved requests to TESTKING-SR03. During your routine maintenance you discover that DNS forward option is unavailable on TESTKING-SR02. TestKing.com recently requested that you travel to the Paris office and configure DNS forwarding on TESTKING-SR02 to forward the unresolved name requests to TESTKING-SR03. What should you do? (Choose two) A. You should consider having the Root zone deleted on TESTKING-SR02. B. You should consider having zone forwarding added on TESTKING-SR02. C. You should consider having the DNS cached cleared on TESTKING-SR02. D. You should consider having conditional forwarding configured on TESTKING-SR02. Answer: A,D
Te
st-
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of two computers named TESTKING-SR01 and TESTKING-SR02 configured with the DNS server role.
Ki
ng
.co
26
Microsoft 70-640: Practice Exam QUESTION NO: 31 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 which has the DNS server role installed. During the course of the day you receive instruction from TestKing.com to have all inbound DNS queries to TESTKING-SR01 recorded. What should you do? A. You should consider having automatic testing for recursive queries enabled in the DNS Manager Console. B. You should consider having debug logging enabled in the DNS Manager Console. C. You should consider having event logging configured to log errors and warnings in the DNS Manager Console. D. You should consider having automatic logs for recursive queries disabled in the DNS Manager Console. Answer: B
QUESTION NO: 32
You work as the network administrator at TestKing.com. The TestKing.com network consists of two Active Directory forests named TestKing.com and us.TestKing.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of three computer named TESTKING-SR01, TESTKING-SR02 and TESTKING-SR03 which are configured as DNS servers. The settings of the DNS servers are shown in the exhibit below: TESTKING-SR03 is configured for all workstations in the testking-south.com domain as the DNS server. TESTKING-SR01 is configured as the DNS server for the other workstations. During routine monitoring you discover that employees from testking-south.com are unable to connect to the servers belonging to testking-north.com. You receive an instruction from the CIO to make sure that all testking-south.com queries can be resolved by employees at testking-north.com. What should you do? A. This can be accomplished by creating a copy of the_msdcs.testking-north.com zone on TESTKING-SR03.
Te
st-
Ki
ng
.co
27
Microsoft 70-640: Practice Exam B. This can be accomplished by creating configuring conditional forwarding on TESTKING-SR03 in order to forward testking-north.com queries to TESTKING-SR01. C. This can be accomplished by creating a copy of the testking-south.com zone on TESTKINGSR01 as well as TESTKING-SR02. D. This can be accomplished by configuring conditional forwarding on TESTKING-SR01 and TESTKING-SR02 in order to forward testking-south.com queries to TESTKING-SR03. Answer: B
QUESTION NO: 33 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 which has the DNS Server role installed. During the course of the day you a network user named Rory Allen send a recursive query looking for the IP address of www.Weyland.com. Rory Allen has then discovered that the DNS server cannot find any local zones matching the requested domain name and the DNS server forwards the request to a root name server. Rory Allen wants to know what the root name server should reply with. What would your reply be?
A. The root name server would reply with the IP address of www.Weyland.com B. The root name server would reply with the IP address of the name server for the .com top-level domain. C. The root name server would reply with the IP address of the name server for the Weyland.com domain. D. The root name server would reply with the DNS name of the .com top-level domain. Answer: B Explanation: The root name server has control over the root domain and has to reply with the IP address of a name server for the .com top-level domain. Upon receiving the IP address of the top-level domain the system should inquire for the Weyland.com address.
QUESTION NO: 34
Te
st-
Ki
ng
.co
28
Microsoft 70-640: Practice Exam You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day whilst performing routine maintenance you discovered that a spammer tried sending junk mail via an unwary mail server at TestKing.com. You have additionally determined that the spammer used a fake DNS name which they assumed would be accepted by the mail server but is still rejected. TestKing.com has later asked you what caused to mail server to refuse the spammer's mail. What would your reply be? A. You should inform TestKing.com that the mail is rejected when a mail server doing a reverse lookup zone with the aim of confirming that DNS names are not fake. B. You should inform TestKing.com that the mail is rejected when the spammer has no MX record in the database of the DNS server which serves the mail server's domain. C. You should inform TestKing.com that the mail is rejected when the spammer's DNS name is not found in the cache file of the primary DNS server serving the mail server's domain. D. You should inform TestKing.com that the mail is rejected when a fake DNS name is detected. Answer: A
QUESTION NO: 35
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from TestKing.com to troubleshoot an error reported by a network user named Rory Allen who states the client computer appears to contain outdated DNS data. You later decided to use the ipconfig command line utility to view what DNS servers the client is using when pinging to confirm connectivity to those server. What should you do? A. You should consider having the dns /register command run at the command prompt. "Welcome to Certification's Main Event" - www.test-king.com 29
Te
st-
Explanation: The majority of mail servers are capable of being configured to have incoming mail rejected from servers whose IP addresses cannot be determined with a reverse lookup.
Ki
ng
.co
Microsoft 70-640: Practice Exam B. You should consider having the ipconfig /flushdns command run at the command prompt. C. You should consider having the ipconfig /cleardns command run at the command prompt. D. You should consider having the nslookup /flushdns command run at the command prompt. Answer: B Explanation: The command ipconfig /flushdns clears up the local DNS cache.
QUESTION NO: 36 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day TestKing.com is approached by Weyland Industries who wants TestKing.com to configure their Windows Server 2008 DNS server to answer queries for hosts on the local intranet but not the Internet. What should you do? (Choose two)
Answer: A,D
Explanation: Having the server configured as a root server and leaving forwarding off indicates that the server will either answer a query for known addresses or return a failure for unknown addresses.
QUESTION NO: 37 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day a network user named Rory Allen asked you which tools can be used to configure DNS server services. "Welcome to Certification's Main Event" - www.test-king.com 30
Te
A. You should consider having the forwarding option left turned off. B. You should consider having the Weyland Industries DNS server installed behind the Weyland Industries firewall. C. You should consider having recursive lookups disabled. D. You should consider having the Weyland.com server configured as a root server. You should then leave the root hints for the top-level domains.
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam What would your reply be? A. You should inform Rory Allen that the Network Properties can be used to configured DNS server services. B. You should inform Rory Allen that the Active Directory Users and Computers can be used to configured DNS server services. C. You should inform Rory Allen that the DNS administrative tool can be used to configured DNS server services. D. You should inform Rory Allen that the Computer Management can be used to configured DNS server services. Answer: C Explanation: The DNS administrative tool is to be used to configure settings for the DNS server service. DNS zone files can be manually edited by making use of a standard text file editor.
QUESTION NO: 38
What would you reply be?
A. You should inform Rory Allen that you plan on using the OU password policy. B. You should inform Rory Allen that you plan on using the fine-grained password policy. C. You should inform Rory Allen that you plan on using the Multiple password policy. D. You should inform Rory Allen that you plan on using the DSA password policy. Answer: B Explanation: Windows Server 2008 boasts a new fine-grained password policy which permits an organization to have different password as well as account lockout policies for diverse sets of users in the same domain.
Te
During the course of the day you receive instruction from TestKing.com to utilize multiple account lockout policies. A network user named Rory Allen has recently asked you which policy type you would use.
st-
Ki
ng
.co
31
Microsoft 70-640: Practice Exam
QUESTION NO: 39 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you received instruction from TestKing.com to prevent the network users from starting or stopping a particular service on a domain controller named TESTKING-DC01. What should you do? A. You should consider having the Domain Security Policy used. B. You should consider having the Local System Policy used. C. You should consider having the Active Directory Users and Computers tool used. D. You should consider having the Domain Controller Security Policy used. Answer: D
QUESTION NO: 40
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-DC01 in the London office and TESTKING-DC02 in the Paris office each configured as an Active Directory site. During the course of the day you notice all sites are connected with the DEFAULTIPSITELINK object. You receive an instruction from the CIO to reduce any replication latency that may exist between TESTKING-DC01 and TESTKING-DC02. What should you do? A. You should consider having the replication interval for the DEFAULTIPSITELINK object decreased.
Te
st-
Ki
Explanation: The settings made in the Domain Controller Security Policy tool are only relevant to domain controllers. Section 3, Configure zone transfers and replication (8 Questions)
ng
.co
32
Microsoft 70-640: Practice Exam B. You should consider having the replication interval for the DEFAULTIPSITELINK object increased. C. You should consider having the connection replication interval for all connection objects decreased. D. You should consider having the cost between the connection objects decreased. Answer: A
QUESTION NO: 41 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of two computers named TESTKING-SR01 in the London office and TESTKING-SR02 in the Paris office which has the DNS Server role installed. During the course of the day you receive instruction from TestKing.com to create a new Active Directoryintegrated zone. TestKing.com additionally wants you to ensure that the new zone is only replicated to one domain controller. What should you do?
A. You should consider having a new delegation configured in the ForestDnsZones application directory partition. B. You should consider having the dnscmd/createdirectorypartition command run at the command prompt. C. You should consider having the dnscmd/enlistdirectorypartition command executed from the command prompt. D. You should consider having a delegation created in the DomainDnsZones application directory partition. Answer: B
QUESTION NO: 42 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use two computers named TESTKING-SR01 and TESTKING-SR02 configured as DNS servers. The configuration of the DNS servers is shown in the exhibit below: "Welcome to Certification's Main Event" - www.test-king.com 33
Te
st-
Ki
ng
.co
During the course of the day you receive complaints from the network users that they are not able to connect to Internet websites while using TESTKING-SR02 as their preferred DNS server. TestKing.com recently requested that you enable Internet name resolution for all client computers on the network. What should you do? A. You should consider having the list of root hints servers updated on TESTKING-SR02. B. You should consider having a copy of the .(root) zone created on TESTKING-SR01. C. You should consider having the .(root)zone deleted from TESTKING-SR02. You should then have conditional forwarding configured on TESTKING-SR02. D. You should consider having the Cache.dns file updated on TESTKING-SR02. You should then have conditional forwarding configured on TESTKING-SR01. Answer: C
QUESTION NO: 43
One of the administrators in your department created an Active Directory-integrated zone for TestKing.com. TestKing.com has recently acquired a UNIX-based DNS server named TESTKINGSR01. During the course of the business day you receive an instruction from the CIO to configure the Windows Server 2008 organization. TestKing.com plans to make use of this configuration to permit zone transfers of the TestKing.com zone to TESTKING-SR01. What should you do? A. You should consider having recursion disabled in the DNS Manager console. B. You should consider having a stub zone created in the DNS Manager console. C. You should consider having a secondary zone created in the DNS Manager console. D. You should consider having BIND secondaries enabled in the DNS Manager console. "Welcome to Certification's Main Event" - www.test-king.com 34
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam Answer: D
QUESTION NO: 44 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The London office and Paris office are linked via a slow satellite link. During the course of the day you receive instruction from TestKing.com to install DNS into the Paris office to ensure that the client computers in the Paris office are easily locate authoritative DNS server located in the London office. What should you do?
Answer: B
QUESTION NO: 45
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use two computers named TESTKING-SR01 running the DNS service configured as a primary master and TESTKING-SR02 configured as a secondary master for the TestKing.com zone. A network user named Rory Allen wants to know which part of the DNS zone would be used to establish whether or not zone data has changed. What would your reply be? "Welcome to Certification's Main Event" - www.test-king.com 35
Te
st-
Explanation: Stub zones are extremely effective for use in slow WAN connections. These zones only store three types of resource records that being: NS records, glue host (A) records, and SOA records. These three records can be utilized to locate authoritative DNS servers.
Ki
ng
A. You should consider having Active Directory-integrated zones created in the Paris office. B. You should consider having a stub zone created in the Paris office C. You should consider having a primary DNS zone created in the Paris office. D. You should consider having a secondary DNS zone created in the Paris office.
.co
Microsoft 70-640: Practice Exam A. You should inform Rory Allen that the secondary master would use the serial number. B. You should inform Rory Allen that the secondary master would use the database record tombstone. C. You should inform Rory Allen that the secondary master would use the TTL, or time to live. D. You should inform Rory Allen that the secondary master would use the NS record. Answer: A Explanation: The serial number is utilized by secondary servers to establish whether or not the zone data has changed. This value is routinely updated with Windows Server 2008 DNS server by default. The zone's TTL is used to verify what time to query for an update of the zone file from the master server except if a Notify message has been sent by the master server in the interim.
QUESTION NO: 46 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from TestKing.com to have several server in the network mirror each other in the occurrence of server failure. TestKing.com has recently deployed a Web server named TESTKING-SR01 hosting the www.testking.com web site. During your routine maintenance you decided to replicate the website replicated to the Paris office with all required host records in DNS. During the week you have discovered that only one DNS server is responding to client requests. TestKing.com has requested that you check if the default settings which were changed whilst ensuring the Web site would be able to utilize all the mirrored web servers. What should you do? A. You should consider having Round robin enabled. B. You should consider having the request redirector enabled. C. You should consider having the correct priorities metric configured for the hostname. D. You should consider having DNS sharing enabled. E. You should consider having IIS sharing enabled. Answer: A Explanation: The round robin option permits you to bear a hostname listed with multiple IP addresses and then, as each request enters the DNS server, rotate the list, in succession presenting all of the IP "Welcome to Certification's Main Event" - www.test-king.com 36
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam addresses. This will have the load balanced out across all the servers which you have mirrored as well as configured in the DNS.
QUESTION NO: 47 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. The Testking.com network contains two DNS servers. The DNS servers are named TESTKING-SR13 and TESTKING-SR14. The exhibit below illustrates how the DNS servers are configured: You receive numerous complaints from domain users that they are unable to establish a connection to Internet Web sites. You check and discover that the error occurs with the users that make use of TESTKING-SR14. To ensure that enhance productivity you need to ensure that the Internet name resolution is enabled for all user workstations. What should you do?
Answer: B
QUESTION NO: 48 TestKing.com has hired you as a systems administrator for their network. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. TestKing.com has acquired another company named TestLabs Inc that contains an Active Directory domain named intranet.testlabs.com. A security policy of TestLabs Inc prevents internal DNS zone data to be transfered to users outside the testlabs.com network. During the course of the day you receive an instruction from the CIO to grant employees of TestKing.com the necessary permissions to allow them to resolve names from intranet.testlabs.com. "Welcome to Certification's Main Event" - www.test-king.com 37
Te
st-
A. This can be accomplished by ensuring that a list of root hints servers is updated on TESTKINGSR14. B. This can be accomplished by ensuring that the .(root) zone is deleted from TESTKING-SR14. Thereafter conditional forwarding should be configured on TESTKING-SR14. C. This can be accomplished by ensuring that the Cache.dns file is updated on TESTKING-SR14. Thereafter conditional forwarding should be configured on TESTKING-SR13. D. This can be accomplished by ensuring that a copy of the .(root) zone is created on DNSL.
Ki
ng
.co
Microsoft 70-640: Practice Exam What should you do? A. This can be accomplished by putting intranet.testlabs.com in the Active Directory of TestKing.com. B. This can be accomplished by having a subzone established for the intranet.testlabs.com domain. C. This can be accomplished by reconfiguring the intranet.testlabs.com domain as a standard primary zone. D. This can be accomplished by setting conditional forwarding for the intranet.testlabs.com domain. Answer: D Explanation: In order to permit a TestKing.com user to resolve names from intranet.testlabs.com domain you need to set the conditional forwarding for the intranet.testlabs.com domain. A conditional forwarding is a DNS query setting that allows a DNS server to route a request for a particular name to another DNS server by specifying a name and IP address.
QUESTION NO: 49
You are responsible for managing two domain controllers named TESTKING-DC01 and TESTKING-DC02. You receive numerous complaints from other administrators attempting to log on to TESTKING-DC01 and TESTKING-DC02. You decide to determine the logon attempts on TESTKING-DC01 and TESTKING-DC02. What should you do? A. You should consider checking the security tab on the domain controller computer object. B. You should consider accessing the Event Viewer on the Administrators workstations. C. You should consider checking the security log on domain controller using event viewer. D. You should consider checking executing the netsh/events command on the command prompt. Answer: C Explanation: In order to identify the logon attempts on the domain controllers you need to access the Event Viewer and check the logon attempts. The Event viewer will tell you the IP address and other "Welcome to Certification's Main Event" - www.test-king.com 38
Te
st-
TestKing.com has employed you as a network administrator. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista.
Ki
ng
.co
Microsoft 70-640: Practice Exam details of the user account which was used to logon to the domain controllers.
QUESTION NO: 50 You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. All domain controllers on the testking.com network have the DNS server role installed. All computers in the domain as well as non domain members register their DNS records automatically. During the course of the day you receive an instruction from management to ensure that only domain members is able to register their DNS records automatically. What should you do? A. You should consider setting the Primary DNS server to only register authenticated members. B. You should consider disabling the Everyone group in the Dynamic Objects permission. C. You should consider setting the option Secure only for Dynamic updates. D. You should consider configuring zone transfers to Name Servers. Answer: C
Reference : www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_afpf.mspx
QUESTION NO: 51 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. A number of domain controllers in the TestKing.com network are configured to host the forest wide operations master roles. A new company directive states that all domain controllers hosting this master role be decommissioned. You thus decide to have the forest wide operations master roles transferred to a new domain controller named TESTKING-DC03 prior to taking down the domain controllers. "Welcome to Certification's Main Event" - www.test-king.com 39
Te
st-
Explanation: In order to ensure that only domain members are able to register their DNS records dynamically you need to set the option Secure only for Dynamic updates. This will only allow the domain members to register their DNS records dynamically.
Ki
ng
.co
Microsoft 70-640: Practice Exam What should you do? (Choose all that apply.) A. You should consider transferring the Forest-wide server master roles. B. You should consider transferring the PDC Master. C. You should consider transferring the Schema master. D. You should consider transferring the Domain naming master. E. You should consider transferring the Secondary domain master. Answer: C,D Explanation: In order to transfer all forest-wide operation master roles to another domain you need to transfer Domain naming master as well as the Schema master. Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest. Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest. Reference: http://support.microsoft.com/kb/324801
You are in the process of upgrading the domain controllers on the network to Windows Server 2008. You receive an instruction from the CIO to ensure that the application of multiple password policies will be supported. You thus decide to configure the Active Directory environment to accomplish this. What should you do? A. You should consider executing executing dcpromo/adv on 2 domain controllers. B. You should consider creating four Active Directory sites. C. You should consider setting the functional level of the domain to Windows Server 2008. D. You should consider executing dcpromo/adv on all domain controllers on the network. Answer: C
Te
You are the newly appointed network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All domain controllers on the TestKing.com network run Windows Server 2003 and all client computers run Windows XP Professional.
st-
Ki
QUESTION NO: 52
ng
.co
40
QUESTION NO: 53 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. At present the domain controllers on the TestKing.com network is configured to run Windows Server 2003. You receive an instruction from the CIO to prepare the Active Directory domain in order to deploy Windows Server 2008 on all domain controllers. You need to determine the appropriate actions that need to be executed to accomplish this task. What should you do? (Choose all that apply.) A. You should consider running the adprep /domainprep command. B. You should consider raising the forest functional level to Windows Server 2008. C. You should consider running the adprep /forestprep command. D. You should consider raising the domain functional level to Windows Server 2008. Answer: A,C
QUESTION NO: 54
The functional level of us.testking.com is set at Windows Server 2008 and the functional level of uk.testking.com is set at Windows Server 2003 Native Mode. During the course of the day you receive an instruction from management to have an external trust configured between us.testking.com and uk.testking.com. To ensure productivity throughout the organization you thus decide to have Kerberos AES encryption enabled. What should you do? A. This can be accomplished by ensuring that the uk.testking.com forest functional level is raised to Windows Server 2008. B. This can be accomplished by ensuring that the uk.testking.com domain functional level is raised to Windows Server 2008. C. This can be accomplished by ensuring that the us.testking.com forest functional level is raised to Windows Server 2008. D. This can be accomplished by ensuring that a new forest trust created and forest-wide authentication is enabled. "Welcome to Certification's Main Event" - www.test-king.com 41
Te
st-
You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest named us.testking.com and uk.testking.com.
Ki
ng
.co
Microsoft 70-640: Practice Exam Answer: B
QUESTION NO: 55 You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named testking.com. The functional level of the forest is set at Windows Server 2008. During the course of the day you receive an instruction from the CIO to create a global distribution group as well as adding users to it. After creating the global distribution group and adding the users you create a shared folder named KINGDATA on a Windows Server 2008 member server. Thereafter you place the global distribution group in a domain local group that has access to KINGDATA. To ensure productivity you need to make sure that all users are able to access KINGDATA. What should you do?
QUESTION NO: 56
TestKing.com has hired you as a systems administrator for their network. The TestKing.com network consists of a single Active Directory forest that contains two domains named us.testking.com and uk.testking.com. TestKing.com has its headquarters in Phoenix and a branch office in Dallas. To ensure productivity management wants you to minimize the time needed to authenticate users from the us.testking.com when they access resources in the uk.testking.com. What should you do? A. This can be accomplished by increasing the replication interval for the DEFAULTIPSITELINK site link. B. This can be accomplished by creating a one-way shortcut trust from us.testking.com to uk.testking.com. "Welcome to Certification's Main Event" - www.test-king.com 42
Te
st-
Answer: B
Ki
A. This can be achieved by having the global distribution group renamed to a universal distribution group. B. This can be achieved by having the global distribution group type modified to a security group. C. This can be achieved by havin the forest functional level set to Windows Server 2008. D. This can be achieved by having the Domain Administrators added to the global distribution group.
ng
.co
Microsoft 70-640: Practice Exam C. This can be accomplished by increasing the replication interval for all connections objects. D. This can be accomplished by creating a one-way shortcut trust from uk.testking.com to us.testking.com. Answer: D
QUESTION NO: 57 TestKing.com has employed you as a network administrator. The TestKing.com network consists of a single Active Directory forest that contains a parent domain as well as a child domain. The child domain contains two domain controllers named TESTKING-DC01 and TESTKINGDC02. TESTKING-DC01 and TESTKING-DC02 are configured to run Windows Serer 2008. You are in the process of migrating the user accounts from the child domain to that of the parent domain. A new company directive states that the child domain is scheduled for decommissioning. During the course of the day you receive an instruction from the CIO to remove the child domain from the Active Directory forest. What should you do? (Choose all that apply.)
A. Your best option would be to have the Domain Controller service on TESTKING-DC01 and TESTKING-DC02 stopped in the child domain using the Computer Management Console. B. Your best option would be to have the Active Directory domain services role uninstalled in the child domain on TESTKING-DC01 and TESTKING-DC02 using Server Manager. C. Your best option would be to have Dcpromo utility executed on TESTKING-DC01 and TESTKING-DC02 in the child domain that has the individual answer files. D. Your best option would be to have the computer accounts for TESTKING-DC01 and TESTKING-DC02 deleted in the child domain. Thereafter the trust relationship between the parent domain and the child domain should be removed. Answer: B,C
QUESTION NO: 58 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com recently employed Windows Server 2008. A number of TestKing.com remote sites do not have a very secure security policy in place. You therefore decide to implement read-only domain controllers (RODC) at these sites. You need to determine the forest and function level the network will require in order to do the installation. "Welcome to Certification's Main Event" - www.test-king.com 43
Te
st-
Ki
ng
.co
What should you identify? A. You should consider installing Windows 2008. B. You should consider installing Windows 2000 Mixed. C. You should consider installing Windows 2000 Native. D. You should consider installing Windows 2003. Answer: A,D Explanation: The forest and function levels have to be Windows 2003 or above to install a RODC.
QUESTION NO: 59 You are the newly appointed network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. You are in the process of promoting a Windows Server 2008 workstation to an Active Directory domain controller for testing purposes. The new domain controller is added to the existing domain. You encounter an error message that stops the server from being promoted whilst using the Active Directory Installation Wizard. In order to rectify the error you need to identify the likely cause.
What should you identify?
A. A possible reason could be that the system lacks an NTFS partition on which the Sysvol directory could be created. B. A possible cause could be the lack of a Windows Server 2008 DNS server on the network. C. A possible cause could be that the TCP/IP configuration on the new server is incorrect. D. A possible cause could be the domain reached its limit for the amount of domain controllers. Answer: A,C Explanation: The Sysvol directory has to be created on an NTFS partition. In the case of such a partition being unavailable, the server will not be able to be promoted to a domain controller. An error in the network configuration may impede the server from connecting to another domain controller in the environment.
Te
st-
Ki
ng
.co
44
Microsoft 70-640: Practice Exam QUESTION NO: 60 TestKing.com has hired you as a systems administrator for their network. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. You receive an instruction during the course of the day to install the first domain controller in the Active Directory environment. To accomplish this task you need to execute the appropriate command that will start the Active Directory Installation Wizard. What should you do? A. You should consider using the DCPromo.exe command. B. You should consider using the DCPromote.exe command. C. You should consider using the DomainPromote.exe command. D. You should consider using the Promote.exe command Answer: A
QUESTION NO: 61
TestKing.com has employed you as a network administrator. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. In order to accomplish a few tasks you need to access the Active Directory Installation Wizard. You thus need to identify the appropriate command that will permit you to access the Active Directory Installation Wizard. What should you identify? A. You need to run the dconfig command. B. You need to run the dcpromo command. C. You need to run the domaininstall command. D. You need to run the domainupgrade command. E. You need to run the dcinstall command.
Te
st-
Ki
Explanation: The DCPromo.exe has to be used to initiate the process of promoting or demoting a server to/from a domain controller.
ng
.co
45
Microsoft 70-640: Practice Exam Answer: B Explanation: The dcpromo command should be utilized to launch the Active Directory Installation Wizard. All of the remaining commands are not valid in Windows Server 2008.
QUESTION NO: 62 You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. During the course of the day you receive an instruction from the CIO to remove a domain controller named TESTKING-DC01 from the domain. You need to execute this task using the easiest method. What should you do?
Answer: D
QUESTION NO: 63 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. Your job function encompasses managing the TestKing.com infrastructure. Due to company growth TestKin.com acquired another company. You receive an instruction to merge the newly acquired company into your current domain and forest. Management wants you to create the domain of the new company as a new domain in order for it to be an addition the root domain of "Welcome to Certification's Main Event" - www.test-king.com 46
Te
Explanation: The Active Directory Installation Wizard allows administrators to remove a domain controller from a domain quickly and easily devoid of the need to reinstall the operating system.
st-
Ki
A. You should consider using the dcpromo /remove command. B. You should consider reinstalling the server over the existing installation. Thereafter the machine should be assigned as a member of a workgroup. C. You should consider reinstalling the server over the existing installation. Thereafter the machine should be assigned as a member of a domain. D. You should consider using the Active Directory Installation Wizard in order to demote TESTKING-DC01.
ng
.co
Microsoft 70-640: Practice Exam testking.com. What should you do? A. You should consider tolerating a canonical name record with the purpose of translating to the new domain. B. You should consider joining the new domain to a new forest. C. You should consider joining the new domain to the current one. D. You should consider creating a new FQDN as well as using a secondary zone. Answer: C Explanation: Your best option in this scenario would be to create a new tree to form or add to a forest that is as simple as promoting a server to a domain controller for a new domain that does not share a namespace with an existing Active Directory domain. In order to have a new domain added to an existing forest, you should already encompass a minimum of one other domain. This domain then serves as the root domain for the whole forest.
QUESTION NO: 64
What should you inform them?
A. You should inform them that Windows Server 2003 mode will accomplish this. B. You should inform them that Windows Server 2008 mode will accomplish this. C. You should inform them that Windows 2000 Native mode will accomplish this. D. You should inform them that Low-security mode will accomplish this. Answer: C Explanation: Windows 2000 Native mode will need to be used for Windows Server 2000, 2003 and 2008 to be capable of supporting domain controllers. Making use of this configuration will yield several Windows 2000 Server Active Directory features to be unavailable.
QUESTION NO: 65
Te
st-
You are the newly appointed network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. You receive an instruction from management to inform them which modes need to be used for Windows Server 2000, 2003 and 2008 in order to support domain controllers in an Active Directory domain.
Ki
ng
.co
47
Microsoft 70-640: Practice Exam TestKing.com has hired you as a systems administrator for their network. You recently completed the installation of a Windows Server 2008 system into the testking.com network. During the course of the day you come across the default accounts that are domain local. You receive an instruction from management to determine which accounts are not set up by default. What should you inform them? A. The Administrators is not set up by default. B. The Backup Operators is not set up by default. C. The Guests is not set up by default. D. The Print Operators is not set up by default. E. The Remote Administrators is not set up by default. F. The Users is not set up by default. Answer: E Explanation: Every domain local group is correct apart from Remote Administrators; this does not form part of a default group created with the base OS install.
QUESTION NO: 66
What should you do?
A. This can be accomplished using Organizational units (OUs). B. This can be accomplished using Users. C. This can be accomplished using Sites. D. This can be accomplished using Trees. Answer: A Explanation: Organizational units are employed when a hierarchical structure needs to be created within a domain. Users are objects contained by the directory, sites are employed for physical planning and trees are relationships amid domains.
Te
st-
TestKing.com has employed you as a network administrator. You receive an instruction from the CIO to create the logical structure of the company from the active directory domains. In order to accomplish your task you need to determine the appropriate objects that will assist you in accomplishing this task.
Ki
ng
.co
48
Microsoft 70-640: Practice Exam QUESTION NO: 67 You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. At present various groups in the organization are subdivided inside the Active Directory. To ensure productivity management wants the Finance group to be separated from the Sales group. You receive an instruction from the CIO to create a system of organizing for this subdivision as well as other groups. What should you do? A. Your best option would be to build a container in LM Manager. B. Your best option would be to create a Sites and Services subnet grouping. C. Your best option would be to create OU's. D. Your best option would be to make use of Users and Groups.
QUESTION NO: 68
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You receive an instruction from the CIO during the course of the day to determine what will happen to the copy of the Active Directory on other domain controllers for the same domain in the event of an authoritative restore of the entire Active Directory database. What should you identify?
Te
st-
Explanation: An OU is an organizational unit as well as a container object which is an Active Directory administrative partition. OUs are able to contain users, groups, resources as well as other OU's. You can utilize OUs to aid building an organization into your directory so that software updates can be rolled out to groupings of users and computers. OUs facilitate the assigning of administration to very well-defined subtrees of the directory. OUs are capable of being departments or groups and can be used to structure and manage your network in such a way that has a company's business organization reflected.
Ki
ng
.co
Answer: C
49
Microsoft 70-640: Practice Exam A. This will result in other domain controllers being automatically demoted. B. This will result in the Active Directory duplicating on the restored domain controller being overwritten. C. This will result in the Active Directory duplicating on other domain controllers being overwritten. D. This will result in the all data on the domain controllers being merged. Answer: C Explanation: An authoritative restore of the entire Active Directory database causes the restored copy to write over information stored on other domain controllers.
QUESTION NO: 69 You are the newly appointed network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. A TestKing.com user named Rory Allen is a newly appointed junior technician in your department. Rory Allen is given a specific task on writing a report of converting a Windows Server 2008 workstation to a domain controller. Prior to starting his report he approaches you to determine what this process is called. What should you inform him?
Answer: A Explanation: The process of preparing a Windows Server 2008 workstation as a new domain controller is known as promotion. This is the only method to have Active Directory installed.
QUESTION NO: 70 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. The company runs Windows Server 2008 on all the servers on the network. You receive an instruction from the CIO to identify all logon attempts on the domain controllers that has failed. "Welcome to Certification's Main Event" - www.test-king.com 50
Te
A. The process is named Promotion. B. The process is named Advertising. C. The process is named Reinstallation. D. The process is named Conversion.
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam What should you do? A. You should consider viewing the Netlogon.log file. B. You should consider running Event Viewer. C. You should consider viewing running the Security and Configuration Wizard. D. You should consider viewing the Security tab on the domain controller computer object. Answer: B
QUESTION NO: 71 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. The functional level of the forest is set at Windows Server 2008. You receive an instruction from the CIO to create multiple password policies for all TestKing.com clients in the domain. What should you do?
QUESTION NO: 72 You work as the enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. The company runs Windows Server 2008 on all domain controllers on the network. At present the domain functional level as well as the forest functional level is set to Windows 2000 native mode. To ensure productivity management wants you to make sure that the UPN suffix for testking.com is accessible for user accounts within the network. You thus need to determine the first step that should be executed to accomplish this. A. The TestKing.com forest functional level should be raised to Windows Server 2003 or Windows Server 2008. "Welcome to Certification's Main Event" - www.test-king.com 51
Te
Answer: C
st-
A. This can be accomplished by creating multiple class schema objects from the Schema snap-in. B. This can be accomplished by creating multiple Group Policy objects from the Group Policy Management snap-in. C. This can be accomplished by creating multiple Password Setting objects from the ADSI Edit snap-in. D. This can be accomplished by creating multiple security policies from the Security Configuration Wizard.
Ki
ng
.co
Microsoft 70-640: Practice Exam B. The Primary DNS Suffix option in the Default Domain Controllers Group Policy Object (GPO) should be changed to TestKing.com. C. The new UPN suffix should be added to the forest. D. The TestKing.com domain functional level should be raised to Windows Server 2003 or Windows Server 2008. Answer: C
QUESTION NO: 73 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Due to expansion, TestKing.com has purchase 50 new computers. You receive an instruction from the CIO to install the 50 computers to be part of the TestKing.com domain. You decide to create computer accounts in an organizational unit. What should you do?
Answer: D
QUESTION NO: 74
You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com has its headquarters in Chicago and a branch office in Dallas. Jobs were created at the branch offices of TestKing.com. Due to this, TestKing.com has hired 15 new users in the Dallas office. TestKing.com management wants the new users to connect to the headquarters via a VPN connection. You then grant the new users the Allow Read and Allow Execute permissions on their newly created accounts. The new users will make use of these permissions in order to access the shared resources at the Chicago office. You receive numerous complaints from the users stating that they are unable to access the shared resources in the Chicago office. To ensure productivity you need to make sure that a VPN "Welcome to Certification's Main Event" - www.test-king.com 52
Te
st-
Ki
A. You should consider running the dsmod computer <computerdn> command. B. You should consider running the csvde f computers.csv command. C. You should consider running the Idifde f computers.Idf command. D. You should consider running the dsadd computer <computerdn> command.
ng
.co
Microsoft 70-640: Practice Exam connection is established to the Chicago office. What should you do? A. Your best option would to give the Allow Access Dial-in permission to the new users. B. Your best option would to join the Windows Authorization Access security group to the new users. C. Your best option would to join the Remote Desktop Users security group to the new users. D. Your best option would to give the Allow Full control permission to the new users. Answer: A Explanation: Section 2, Configure trusts (2 Questions)
A. You should identify that uk.testking.com clients will lack the permission to gain access to resources in us.testking.com. B. You should identify that all us.testking.com clients are able to access all resources in uk.testking.com. C. You should identify that us.testking.com clients will lack permission to gain access to resources in uk.testking.com. D. You should identify that all uk.testking.com clients are able to access resources in us.testking.com. E. You should identify that resources cannot be shared amongst domains. Answer: A,C Explanation:
Te
st-
The domain was configured to cancel any trust relationship between the two. During the course of the day you receive an instruction from the CIO that shared resources between the domains are now needed. You thus decide to have a trust relationship between us.testking.com and uk.testking.com. Prior to taking further action you need to identify the statements that are true.
Ki
ng
You are employed as the network administrator at TestKing.com. The TestKing.com network consists of two Active Directory domains named us.testking.com and uk.testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional.
.co
QUESTION NO: 75
53
Microsoft 70-640: Practice Exam A trust relationship will only allow the possibility of sharing resources amongst domains. It will not explicitly supply any permission. You need have the appropriate permissions configured in order to permit users access to resources in another domain.
QUESTION NO: 76 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. A TestKing.com user named Kara Lang is a newly appointed technician in your department. She wants to know which trust types that are automatically created amongst the domains in a domain tree. What should you tell her? A. You should inform her Transitive two-way trusts. B. You should inform her Transitive trusts. C. You should inform her Two-way trusts. D. You should inform her Intransitive two-way trusts.
Section 3, Configure sites (5 Questions)
QUESTION NO: 77 TestKing.com has employed you as a network administrator. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You need to determine the items that are not dependant on the DNS namespace. What should you identify? (Choose all that apply.) A. Domain forests are not dependant on the DNS namespace. B. DNS zones are not dependant on the DNS namespace.
Te
st-
Explanation: A transitive two-way trust is automatically created amid the domains in a domain tree.
Ki
Answer: A
ng
.co
54
Microsoft 70-640: Practice Exam C. Organizational units (OUs) are not dependant on the DNS namespace. D. Domain trees are not dependant on the DNS namespace. E. Active Directory sites are not dependant on the DNS namespace. F. Domains are not dependant on the DNS namespace. Answer: C,E Explanation: OUs do not take part in the DNS namespace. OU's are mainly used for having objects named within an Active Directory domain. The naming for Active Directory objects, such as sites, is not dependant on DNS names either.
QUESTION NO: 78 TestKing.com has hired you as a systems administrator for their network. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The Active Directory of TestKing.com forms part of four sites. You receive an instruction from the CIO to configure the site links to be transitive. You thus need to determine the Active Directory object that is responsible for representing a transitive relationship amid sites.
Answer: B
Explanation: Site link bridges are built with intent to permit site links to be transitive. This permits site links to make use of other site links in order to have replication information transferred between sites. All site links are bridged yet, it is possible to turn off transitivity if you wish to override this behavior.
QUESTION NO: 79 You are the newly appointed network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista.
Te
A. You should identify additional sites. B. You should identify Site link bridges. C. You should identify additional site links. D. You should identify Bridgehead servers.
st-
Ki
What should you do?
ng
.co
55
Microsoft 70-640: Practice Exam You decide to add various routers to the environment with the aim of reducing the amount of traffic going to and from the various areas of the network. Management wants you to reconfigure Active Directory Replication to reflect these changes. To accomplish this you need to identify the Active Directory objects that need to be modified in order to define the network boundaries for Active Directory sites. What should you do? A. You should consider modifying the Subnets. B. You should consider modifying the Site links. C. You should consider modifying the Site link bridges. D. You should consider modifying the Bridgehead servers. Answer: A Explanation: Subnets define the specific network segments which are well linked.
QUESTION NO: 80
What should you do?
A. This can be accomplished by raising the cost of the dial-up line. B. This can be accomplished by lowering the cost of the T1 line. C. This can be accomplished by lowering the cost of the dial-up line. D. This can be accomplished by raising the cost of the T1 line. Answer: A,B Explanation: Lower costs are preferred over higher costs. However, if the lower cost connection fails for any reason, the higher cost link will then be utilized.
Te
The TestKing.com network has alternate locations at two different sites. At present a T1 line as well as a dial-up line is used for redundancy connecting the sites. You receive an instruction from the CIO to determine whether replication occurs normally on the T1 line as well as ensuring that the dial-up line is only there as back up in the event of T1 going down.
st-
Ki
You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional.
ng
.co
56
Microsoft 70-640: Practice Exam QUESTION NO: 81 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. Your job function encompasses deploying sites and subnets within the testking.com environment. You wish to verify that you have arranged your subnet objects correctly. You need to identify the subnet object that cannot be used. What should you identify? A. You should not make use of 172.16.1.0 B. You should not make use of 10.1.1.0 C. You should not make use of 192.168.256.0 D. You should not make use of 11.1.1.0 Answer: C
QUESTION NO: 82
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All domain controllers on the TestKing.com network run Windows Server 2003. During the course of the business day you receive an instruction from the CIO to have the domain controllers in the network upgraded to Windows Server 2008. You need to make sure replication is able to take place by the Sysvol share. A new TestKing.com policy state that DFS Replication (DFS-R) be used in such instances. What should you do? A. This can be accomplished by running netdom/dfs-r. B. This can be accomplished by raising the functional level of the domain to Windows Server 2008. "Welcome to Certification's Main Event" - www.test-king.com 57
Te
st-
Section 4, Configure Active Directory replication (10 Questions)
Ki
ng
Explanation: 192.168.256.0 is an invalid IP address and therefore will not work as a subnet object.
.co
Microsoft 70-640: Practice Exam C. This can be accomplished by running dfsutil/addroot:sysvol. D. This can be accomplished by running dcpromo/attend:attendfile.xml. Answer: B
QUESTION NO: 83 You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All domain controllers on the TestKing.com network are configured to run Windows Server 2008 and all client computers run Windows XP Professional. A new TestKing.com policy states that replication errors need to be captured to a central location. During the Course of the business day you receive an instruction from the CIO to capture the replication errors of all domain controllers in the testking.com domain. What should you do?
Answer: D
QUESTION NO: 84
You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory site named testking-north.com. Due to the company expanding you create another Active Directory site named testkingsouth.com. You receive an instruction from the CIO to configure Active Directory replication between testking-north.com and testking-south.com. To accomplish this you decide to install a new domain controller. After the installation you create the site link between testking-north.com and testking-south.com. What should your subsequent step be? A. You need to consider decreasing the site link cost between testking-north.com and testkingsouth.com. B. You need to consider configuring the new domain controller as a preferred bridgehead server for testking-north.com. "Welcome to Certification's Main Event" - www.test-king.com 58
Te
st-
Ki
ng
A. You should consider having the System Performance data collector set started. B. You should consider having the Active Directory Diagnostics data collector set started. C. You should consider having a new capture created in the Network Monitor. D. You should consider having event log subscriptions set and configured.
.co
Microsoft 70-640: Practice Exam C. You need to consider configuring a new site link bridge object. D. You need to consider assigning a new IP subnet to testking-south.com. Thereafter the new domain controller object should be moved to testking-south.com. Answer: D
QUESTION NO: 85 TestKing.com has employed you as a network administrator. TestKing.com has itsheadquarters in London and branch offices in Paris, Berlin, Milan and Athens. Every office is configured as a separate Active Directory site. Every site has its own domain controller. During the course of the day you disable an account that has administrative rights. You receive an instruction from the CIO to replicate the disabled account information to all TestKing.com sites. What should you do? (Choose all that apply.) A. This can be accomplished by having the domain controllers configured as global catalog servers using Dsmod.exe. B. This can be accomplished by having the existing connection objects selected and replication forced from the Active Directory Sites and Services console. C. This can be accomplished by having the domain controllers configured as global catalog servers from the Active Directory Sites and Services console. D. This can be accomplished by forcing replication between the site connection objects using Repadmin.exe. Answer: B,D
QUESTION NO: 86
TestKing.com has hired you as a systems administrator for their network. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. You receive an instruction from the CIO to establish a replication scenario with reference to three domains as well as three sites without creating it manually. What should you do? A. You should use site links. B. You should use sites. C. You should use subnets. D. You should use connection objects.
Te
st-
Ki
ng
.co
59
Microsoft 70-640: Practice Exam Answer: D Explanation: The connection objects are created automatically by the Active Directory replication engine as standard. You can decide whether or not to override the default behavior of Active Directory replication topology by creating Connection objects manually; however this step is not necessary.
QUESTION NO: 87 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. During routine monitoring you detect that new employees are not replicating properly on your Windows Server 2008 server. To ensure productivity you need to verify the replication of the domain controllers. What should you do?
Answer: A
QUESTION NO: 88 You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. You have a strong suspicion that there is an error in the replication configuration. You decide to locate the error message pertaining to replication. What should you do?
Te
Explanation: RepAdmin is a command line utility which is used to view as well as configure Windows Server 2008 replication amid domain controllers.
st-
Ki
A. You should consider employing the RepAdmin utility. B. You should consider employing the RepConsole utility. C. You should consider employing the RepMonitor utility. D. You should consider employing the RepView utility.
ng
.co
60
Microsoft 70-640: Practice Exam A. You should consider viewing the Event Viewer Directory Service log. B. You should consider using the Active Directory Sites and Services administrative tool. C. You should consider using the Computer Management tool. D. You should consider viewing the Event Viewer System log. Answer: A Explanation: The Directory Service event log will hold all error messages as well as information linked to replication. These details are helpful when troubleshooting replication problems.
QUESTION NO: 89 You are the newly appointed network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. You are responsible for managing three domain controllers named TESTKING-DC01, TESTKINGDC02 and TESTKING-DC03. During routine monitoring you discover that these domain controllers always have Knowledge Consistency Checker (KCC) errors popping up in the directory services Event Viewer log. You need to establish the reason for this predicament.
Answer: C
Explanation: Due to the nature of KCC errors it is vital to realize that they directly relate to replication problems, site linkage issues, et cetera. KCC errors pinpoints replication problems.
QUESTION NO: 90 TestKing.com has employed you as a network administrator. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You need to determine which AD service is responsible for maintaining the replication topology. "Welcome to Certification's Main Event" - www.test-king.com 61
Te
A. This will occur due to problems linked with Global Catalog placement. B. This will occur due to DNS problems. C. This will occur due to Replication problems. D. This will occur due to Name resolution problems.
st-
Ki
What is the likely reason?
ng
.co
Microsoft 70-640: Practice Exam What should you identify? A. The Windows Internet Name Service will accomplish this. B. The File Replication Service will accomplish this. C. The Domain Name System will accomplish this. D. The Knowledge Consistency Checker will accomplish this. Answer: D Explanation: The Knowledge Consistency Checker (KCC) is accountable for setting up the replication topology as well as ensuring that all domain controllers are kept current.
QUESTION NO: 91 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All domain controllers on the TestKing.com network are configured to run Windows Server 2008. A new TestKing.com policy states that replication errors need to be captured to a central location. You need to determine a method that will ensure that the domain controller replication errors are captured to the central location. What should you do?
A. This can be achieved by installing Network Monitor. Thereafter a new capture can be created. B. This can be achieved by ensuring that the System Performance data collector set is started. C. This can be achieved by ensuring that event log subscriptions are configured. D. This can be achieved by ensuring that the Active Directory Diagnostics data collector set is started. Answer: C Explanation: Section 5, Configure the global catalog (4 Questions)
QUESTION NO: 92 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional and the rest run "Welcome to Certification's Main Event" - www.test-king.com 62
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam Windows Vista. TestKing.com hasits headquarters in Seattle and branch offices in Dallas, Phoenix, Miami and Chicago. At every office an Active Directory site with one domain controller is installed. All domain controllers at the Seattle office is configured as Global Catalog Servers. You receive an instruction from the CIO to ensure that the Universal Group Membership Caching (UGMC) option is deactivated at the branch office level. You thus need to identify the appropriate level where this should be deactivated. A. You should consider deactivating the UGMC on the Server level. B. You should consider deactivating the UGMC on the Site level. C. You should consider deactivating the UGMC on the domain level. D. You should consider deactivating the UGMC on the Connection object level. Answer: B
A. You should identify the specific Active Directory domain controllers. B. You should identify the Active Directory computers. C. You should identify all the Active Directory domain controllers. D. You should identify all the Windows NT domain controllers. Answer: A Explanation: TestKing.com systems administrators have the ability to define which domain controllers in the environment contain a copy of the GC. However the GC does contain information regarding every domain in the environment, it does not need to reside on every domain controller.
QUESTION NO: 94 TestKing.com has hired you as a systems administrator for their network. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the "Welcome to Certification's Main Event" - www.test-king.com 63
Te
st-
Ki
TestKing.com has employed you as a junior technician. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You need to identify the computers on the TestKing.com network that will contain a copy of the Global Catalog (GC).
ng
.co
QUESTION NO: 93
Microsoft 70-640: Practice Exam TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. A TestKing.com user named Kara Lang is a junior technician in your department. Kara Lang wants to know which server forms part of the Active Directory topology as well as the schema information repository for the Active Directory. What should you tell her? A. You should tell her the Global Catalog. B. You should tell her the Domain Controller. C. You should tell her the Domain Partition. D. You should tell her the Schema Master. Answer: A Explanation: The Global Catalog holds information regarding multiple domains. Having more Global Catalog servers added is capable of greatly increasing the performance of operations such as shared folder and printer searches. The other options are features of Active Directory, yet they have not been designed for fast searching across numerous domains.
QUESTION NO: 95
The Miami office is configured as a separate Active Directory site and consists of an Active Directory domain controller named TESTKING-DC06. You receive an instruction from the CIO to install a new application at the Miami office. In order for the application to run a Global Catalog server is required. To ensure productivity at the Miami office you decide to setup TESTKINGDC06 as a Global Catalog server. What should you do? A. This can be accomplished using the Computer Management console in order to configure TESTKING-DC06 as a Global Catalog server. B. This can be accomplished using the Dcpromo.exe utility in order to configure TESTKING-DC06 as a Global Catalog server. C. This can be accomplished using the Server Manager console in order to configure TESTKINGDC06 as a Global Catalog server. D. This can be accomplished using the Active Directory Domains and Trusts console in order to configure TESTKING-DC06 as a Global Catalog server. "Welcome to Certification's Main Event" - www.test-king.com 64
Te
st-
You work as an enterprise administrator at TestKing.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com has its headquarters in Chicago and a branch office in Miami.
Ki
ng
.co
Microsoft 70-640: Practice Exam E. You should consider using the Active Directory Sites and Services console to configure the TESTKING-DC06 as a Global Catalog server. Answer: E Explanation: Section 6, Configure operations masters (10 Question)
QUESTION NO: 96 TestKing.com has employed you as a network administrator. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. The TestKing.com network contains two domain controllers named TESTKING-DC01 and TESTKING-DC02. TESTKING-DC01 is configured to host the Schema Master Role. During the course of the day you discover that TESTKING-DC01 has failed. In order to rectify the problem you log on to the Active Directory using the administrator account. You attempt to transfer the Schema Master Operations role but are unsuccessful in accomplishing this task. Management wants you to make sure that TESTKING-DC02 is configured to host the Schema Masters Role.
A. Your best option would be to configure TESTKING-DC02 as a Primary domain controller. B. Your best option would be to seize the Schema Master role on TESTKING-DC02. C. Your best option would be to register Schemamt.dll on the Active Directory domain. Thereafter the Active Directory Schema snap-in can be started. D. Your best option would be to join the Schema Administrators group. Thereafter the Schema settings should be modified to save records on TESTKING-DC02. Answer: B Explanation: To ensure that TESTKING-DC02 holds the Schema Master role you need to seize the Schema Master role on TESTKING-DC02. Seizing the schema master role is a drastic step that should be considered only if the current operations master will never be available again. So to transfer the schema master operations role, you have to seize it on TESTKING-DC02. Reference: http://technet2.microsoft.com/windowsserver/en/library/d4301a14-dd18-4b3c-a3ccec9a773f7ffb1033.mspx?mfr=true
Te
st-
Ki
What should you do?
ng
.co
65
Microsoft 70-640: Practice Exam QUESTION NO: 97 TestKing.com has appointed you as a network developer. You completed the deployment of a single Active Directory domain named testking.com. At present the company makes use of the Active Directory schema for storing essential data linked to its members. Most of the information fields you intend supporting are already included with the basic Active Directory schema. However you require another field-a "security clearance level" value-that is not supported. You want to take advantage from the extensibility of Active Directory by having the required filed added to the properties of a User object. You need to determine on which server the modifications can be made. What should you do? A. You should make modifications on a domain controller. B. You should make modifications on the Global Catalog. C. You should make modifications on a member server. D. You should make modifications on the Schema Master. Answer: D
QUESTION NO: 98
You are the newly appointed network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. You receive an instruction from the CIO to keep track of licensing with the licensing server. To accomplish this you need to determine where you can configure the licensing server to ensure that you are compliant. What should you do? A. Licensing will need to be configured in the Control Panel under the Licensing Applet. B. Licensing will need to be configured in the Registry under the HKEY_ClASSES_ROOT key. C. Licensing will need to be configured in the Computer Management MMC. D. Licensing will need to be configured in the Active Directory Sites and Services tool. Answer: D
Te
st-
Ki
ng
Explanation: The Schema Master is the lone server within Active Directory to which alterations to the schema can be made.
.co
66
Microsoft 70-640: Practice Exam Explanation: As a systems administrator, you may wish to utilize the Licensing Service to keep track on your compliance. This can be accomplished in the Active Directory Sites and Services administration tool.
QUESTION NO: 99 You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. A newly appointed technician in your department wants to know in which group members have the authorization to execute actions in multiple domains. What should you inform the technician? A. This can be accomplished when one is a member of the Enterprise Admins group. B. This can be accomplished when one is a member of the Domain Users group. C. This can be accomplished when one is a member of the Domain Admins group. D. This can be accomplished when one is a member of the Administrators group. Answer: A
QUESTION NO: 100
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You receive an instruction from the CIO to install the Active Directory Federation Services (AD FS). To accomplish this task you need to determine the appropriate applications needed for your installation. What should you do? A. You should consider using Server Set-Up. B. You should consider using Server Manager. C. You should consider using Role Manager. D. You should consider using Add/Remove Programs-Services.
Te
st-
Explanation: When you are a member of the Enterprise Admins group you are assigned full permissions to administer all domains in an Active Directory forest.
Ki
ng
.co
67
Microsoft 70-640: Practice Exam Answer: B Explanation: Your best option in this scenario would be to make use of Server Manager. Server Manager is a Microsoft Management Console (MMC) snap-in which allows you to view information regarding server configuration, status of roles that are installed as well as links for having features and roles added and removed.
QUESTION NO: 101 TestKing.com has employed you as a consultant. You are in the process of designing the Active Directory environment of TestKing.com. You main focus is to concentrate on the organization unit (OU) structure. Other consultants will be responsible for preparing the technical issues. You need to devise a list of data needed to create the OU structure for a single domain. You need to determine the data that is irrelevant to you when designing the OU structure. What should you identify?
Answer: C
QUESTION NO: 102 TestKing.com has hired you as a systems administrator for their network. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. You are responsible for managing the IT department situated at the head quarters. You receive an instruction from management to deploy three Windows Server 2008 systems. To ensure productivity within your department after deployment you need to understand the normal load put on the systems under regular operations. "Welcome to Certification's Main Event" - www.test-king.com 68
Te
Explanation: Organizational Units are created to reflect a company's logical organization. Due to your concentration on the OU structure, you need to be primarily concerned with business requirements. Other Active Directory features could be utilized to assist the network topology and technical issues for example the performance and scalability.
st-
Ki
ng
A. The security requirements are irrelevant in your OU design. B. The system administration requirements are irrelevant in your OU design. C. The physical network topology is irrelevant in your OU design. D. The business organizational requirements are irrelevant in your OU design.
.co
Microsoft 70-640: Practice Exam What should you do? A. Your best option would be to set up Task Manager. B. Your best option would be to deploy the Alerts in the Performance Console. C. Your best option would be to make use of Network Monitor to view the current and future load. D. Your best option would be to establish a baseline of the current performance. Answer: D Explanation: By determining a baseline of the current performance of your systems you will get an impression of how they normally operate. You will then know when they are not performing as expected due to the charts being off. Ensure this procedure is documented and consider arranging a linear rather than circular log.
QUESTION NO: 103
What should you do?
A. You should check in the Event Viewer. B. You should check in the Network Monitor. C. You should check in the Performance Monitor. D. You should check in the Task Manager. Answer: A Explanation: The Event Viewer is the optimum tool for viewing information, warnings and alerts that are linked to Windows Server 2008 functions.
QUESTION NO: 104
Te
st-
During routine monitoring you discover that a domain controller is not performing properly. You check and discover that it is not a server performance error. You need to identify where you will be able to get more information regarding the errors that are taking place or a specific problem that prevent the domain controller from functioning properly.
Ki
ng
You are the newly appointed network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional.
.co
69
Microsoft 70-640: Practice Exam You are employed as the systems administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. At present the operating system is booted using the Directory Services Restore mode. During the course of the day you attempt to log in using a Domain administrator account but are unable to do so. You need to determine the reason why you are unable to log in. What should you identify? A. You are unable to log in because the Active Directory services are unavailable as a result you need to make use of the local Administrator password. B. You are unable to log in because another domain controller is unavailable to authenticate the login. C. You are unable to log in because the permissions on the domain controller do not allow users to log on locally. D. You are unable to log in because another domain administrator disabled the account. Answer: A
QUESTION NO: 105
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You are responsible for all the servers in the TestKing.com environment. During the course of the day whilst monitoring the Event Viewer logs you discover that a driver failed to load the startup. You decide to check whether the event was recorded. To accomplish this you need to check the appropriate logs in order to find the entry. What should you do? A. You should need to check the System log. B. You should need to check the Security log. C. You should need to check the Event log. "Welcome to Certification's Main Event" - www.test-king.com 70
Te
st-
Ki
Explanation: When you boot in Directory Services Restore mode the Active Directory is not started and network services are all disabled. The systems administrator will therefore have to make use of a local account in order to log in.
ng
.co
Microsoft 70-640: Practice Exam D. You should need to check the Application log. Answer: A Explanation: You make use of Event Viewer to view the logs. The system log is where the Windows system components event logs are confined. When a driver fails to load during startup it will be recorded in the system log. Windows has the events which are logged by system components predetermined.
QUESTION NO: 106 DRAG DROP You are employed as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a server named TESTKING-SR11 that has the Active Directory Domain Services (AD DS) and the Active Directory Lightweight Directory Services (AD LDS) installed. TESTKING-SR11 contains an AD LDS instance named TK_Data. The default application directory partition is used by the instance to store data. A portion of the specs of TESTKING-SR11 is seen in the following exhibit:
What should you do? (Choose THREE. Each answer forms part of the solution)
Te
During a routine check up you notice that the AD LDS database files are running out of space. You need to relocate the AD LDS application partition to the D: drive.
st-
Ki
ng
.co
71
Answer:
Explanation:
Te
st-
Ki
ng
.co
72
What should you do?
A. You should use the wsamain.exe to test the certificate with AD LDS. B. You should use the ntdsutil.exe to test the certificate with AD LDS. C. You should use the Ldp.exe to test the certificate with AD LDS. D. You should use the Lds.exe to test the certificate with AD LDS. E. You should use the Active Directory Domain services to test the certificate with AD LDS. Answer: C Explanation: You need to use the Ldp.exe test the certificate with AD LDS. A certificate should be present on TESTKING-SR12 to establish an SSL connection to AD LDS. Furthermore, if you want to set up the SSL, you need a certificate marked for server authentication from a trusted CA that should be installed on the server, in this case TESTKING-SR12, which is running AD LDS. You shod also "Welcome to Certification's Main Event" - www.test-king.com 73
Te
TestKing.com contains a server named TESTKING-SR12 that has the Active Directory Lightweight Directory Services (AD LDS) installed. A New TestKng.com policy requires you to enable Secure Sockets Layer (SSL) based connections to TESTKING-SR12. You have made use a trusted Certification Authority (CA) to install certificates on TESTKING-SR12 and the client computers at TestKing.com. However, you need to test the certificates.
st-
Ki
ng
You are employed as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008.
.co
QUESTION NO: 107
Microsoft 70-640: Practice Exam run the ldp.exe to test the certificate with TESTKING-SR12. Thereafter you should connect to the local instance of AD LDS by employing SSL.
QUESTION NO: 108 You are a newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a server named TESTKING-SR13 that has the Active Directory Lightweight Directory Services (AD LDS) role installed. TESTKING-SR13 contains an AD LDS instance named TK_Data. The default application directory partition is used by the instance to store data. You need to relocate TK_Data to the D: Drive. What should you do? (Choose THREE. Each answer forms part of the solution) A. The best option is to run the net stop TESTKING-SR13 command. B. The best option is to run the net stop "Domain Controller" command. C. The best option is to use the Ntdsutil tool to move the database files. D. The best option is to run the xcopy command to move the database files. E. The best option is to run the net start TESTKING-SR13 command. F. The best option is to run the net start "Domain Controller" command. Answer: A,C,E
Reference : Using Ntdsutil http://technet2.microsoft.com/windowsserver/en/library/5b1d983d-ffab-4514-a95e6aa0420dacb51033.mspx?mfr=true Reference : Event ID 1136 - Schema Operations http://technet2.microsoft.com/windowsserver2008/en/library/6a5d89c1-81df-445b-b67dd5ce9b0fed921033.mspx?mfr=true
QUESTION NO: 109 You are a newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com "Welcome to Certification's Main Event" - www.test-king.com 74
Te
Explanation: You should use the Ntdsutil tool to relocate the AD LDS application partition. With the Ntdsutil tool you can manage the Active Directory. To use this toll, you need to stop the NTDS service with the net stop command and start the NTDS service using net start command on TESTKING-SR13.
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam network run Windows Server 2008. TestKing.com contains a server named TESTKING-SR14 that has the Active Directory Lightweight Directory Services (AD LDS) installed. You need to create a backup strategy for Active Directory Lightweight Directory Services (AD LDS) which will back up data and log files on a regular basis. Due to little media resources, only specific AD LDS instance will be backed up. What should you do? A. The best option is to select the checkbox to take only the backup of database and log files of AD LDS by using the Windows Server backup utility. B. The best option is to use the windows server backup utility and move AD LDS database and log files on a separate volume. C. The best option is to create installation media with the Dsdbutil.exe tool which will only corresponds to the AD LDS instance. D. None of the above Answer: C
QUESTION NO: 110
You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a server named TESTKING-SR15 that has the Active Directory Lightweight Directory Services (AD LDS) installed. During the course of the business day you receive an instruction from the CIO to have new Organizational Units (OU's) created in the directory partition of the AD LDS application. What should you do? A. The best option is to use of the dsmod OU <OrganizationalUnitDN> command. B. The best option is to use of the ADSI Edit Snap-in. C. The best option is to use of the dsadd OU <OrganizationalUnitDN> command. D. The best option is to use of the Active Directory Users and Computers snap-in. "Welcome to Certification's Main Event" - www.test-king.com 75
Te
st-
Reference : Step 1: Back Up AD LDS Instance Data http://technet2.microsoft.com/windowsserver2008/en/library/8e82c111-32da-430e-a954c0dbe9f4607f1033.mspx?mfr=true
Ki
ng
Explanation: You need to use the Dsdbutil.exe tool to create installation media that corresponds only to the AD LDS instance. By this you can only back up specific AD LDS instances.
.co
Microsoft 70-640: Practice Exam Answer: B Explanation: You need to use the ADSI Edit snap-in to create new OUs in the AD LDS application directory partition. You also need to add the snap-in in the Microsoft Management Console (MMC).
QUESTION NO: 111 You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a server named TESTKING-SR16 that has the Active Directory Lightweight Directory Services (AD LDS) installed. You receive an instruction from the CIO to test AD LDS. To accomplish this you decide to replicate the AD LDS instance on a test computer that is located on the network. What should you do?
Answer: C
Explanation: You need to run the AD LDS setup wizard on the test computer to create and install a replica of AD LDS. The AD LDS setup wizard has an option to replicate the AD LDS instance on another computer.
QUESTION NO: 112 CORRECT TEXT You are a newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a server named TESTKING-SR17 that has the Active Directory Lightweight Directory Services (AD LDS) role and the Active Directory Domain Services (AD DS) role installed. "Welcome to Certification's Main Event" - www.test-king.com 76
Te
st-
A. The best option is to run the repadmin/bs <servername> command on the test computer. B. The best options are to copy and pasting the entire partition on the test computer and configure a new AD LDS instance. C. The best option is to create and install a replica of AD LDS on the test computer and run the AD LDS Setup wizard. D. The best option is to create a naming context on the test computer by running the Dsmgmt command.
Ki
ng
.co
Microsoft 70-640: Practice Exam TESTKING-SR17 contains an AD LDS instance named TK_Data that resides on Drive C. You need to relocate TK_Data to the D: Drive. What should you do? (To answer, move the three correct actions on the left to the list on the right in a correct order.)
Answer:
QUESTION NO: 113
TestKing.com contains a server named TESTKING-SR17 that has the Active Directory Lightweight Directory Services (AD LDS) role installed. The AD LDS contains three instances. However, you need to uninstall the present Active Directory Lightweight Directory Services (AD LDS) role and install a new role. You then use the ocsetupcommand with the /uninstall switch, but with no avail. What should you do next? A. The best option is to remove the three instances as well as the role by using the Server Manager. B. The best option is to reboot TESTKING-SR17 to allow the running setup processes to complete and then use the uninstall command.
Te
You are a newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008.
st-
Ki
ng
.co
77
Microsoft 70-640: Practice Exam C. The best option is to uninstall the three instances and then run the ocsetup /uninstall via the Programs and Features. D. The best option is to run the oclist command to confirm the syntax of the option you need to remove and then use the ocsetup command with the correct syntax. Answer: C Explanation: The best option is to remove the three instances before you remove the server from the role. Incorrect Answers: A: You need to remove the three instances before removing the role. The Server Manager will not solve the problem. B: It is very difficult to determine when the setup process is finished because it will answer with a command prompt when the operation is complete. Furthermore, there are no setup processes after a reboot. Thus AD LDS cannot be uninstalled. D: It is true that Oclist will give you the names of the roles and the attributes. However, you contain a full Windows Server 2008 installation. Because of this, Oclist does not function on a full installation.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 114
What should you do?
A. The best option is to use the Active Directory Sites and Services. B. The best option is to use the Active Directory Users and Computers. C. The best option is to use the Active Directory Domains and Trusts. D. The best option is to use the Active Directory Licensing Manager. Answer: A Explanation: You should make use of the Active Directory Sites and Services to configure sites. This is also important when you are configuring geographical allocated LDS implementations. Incorrect Answers: B: You cannot us the Active Directory Users and Computers, because it is not supported in the LDS implementation. C: The Active Directory Domains and Trusts is not supported in the LDS implementation. "Welcome to Certification's Main Event" - www.test-king.com 78
Te
st-
You are a newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. You have received instructions from the CIO to install the Windows Server 2008 Lightweight Directory Services.
Ki
ng
.co
Microsoft 70-640: Practice Exam D: The Active Directory Licensing Manager does not there.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions Section 2, Configure Active Directory Rights Management Service (AD RMS) (7 Questions)
QUESTION NO: 115 You are a newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. The functional level of testking.com is set at Windows Server 2003. The client computers at Testking.com run with the Windows Vista operating system. Testking.com contains a server that has the Active Directory Rights Management Services (AD RMS) installed. During a routing monitoring you notice that the users do not use the full extends from the AD RMS, which will protect their documents. The users need to benefit from the AD RMS to protect their documents.
Answer: C
Explanation: You need to configure an email account in Active Directory Domain Services (AD DS) for the user. Doing this you will be able to configure AD RMS to enable users to use it and protect their documents. The AD RMS must use AD DS, which will then regulate access to rights-protected content for all AD RMS users. Reference: http://technet2.microsoft.com/windowsserver2008/en/library/c8f83d5b-e10d-4c31-8af9d2afb076dbf81033.mspx?mfr=true
QUESTION NO: 116 You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com "Welcome to Certification's Main Event" - www.test-king.com 79
Te
st-
A. The best option is to add and configure ADRMSADMIN account in local administrators group on the client computers B. The best option is to add and configure the ADRMSSRVC account in AD RMS server's local administrator group C. The best option is to configure an email account for each user the Active Directory Domain Services (AD DS). D. The best option is to reinstall the Active Directory domain on the client computers
Ki
ng
.co
What should you do?
Microsoft 70-640: Practice Exam network run Windows Server 2008 all client computers run Windows Vista. You have received instructions from the CIO to deploy Active Directory Certificate service (AD CS) which will authorize the TestKing.com users by issuing digital certificates. You need to manage the certificate settings on the client computers from one main location. What should you do? A. The best option is to configure the Enterprise CA certificate settings. B. The best option is to configure the Enterprise trust certificate settings. C. The best option is to configure the Advance CA certificate settings. D. The best option is to configure the Group Policy certificate settings. Answer: D Explanation: You need to configure Group Policy certificate settings. This will allow you to manage certificate settings on the client computers from one location. If you use a group policy to configure the certificate setting, it will change the setting in the entire domain. You can use server manager to configure AD CS because the AD CS is a certificate service that is a type of server role in Windows Server 2008.
Testking.com contains a server that has the Active Directory Rights Management Services (AD RMS) installed. The employees at Testking.com have a complaint that they cannot protect their documents. The employees need to protect their documents. What should you do? A. The best option is to create an e-mail account in Active Directory Domain Services (AD DS) for each user. B. The best option is to use a group policy to install the AD RMS client computers which will protect their documents. C. The best option is add the ADRMSADMIN account to the local administrators group on client computers which will protect their documents. D. The best option is add the ADRMSSRVC account to the local administrators on the AD RMS server which will protect their documents. "Welcome to Certification's Main Event" - www.test-king.com 80
Te
You are a newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. The functional level of testking.com is set at Windows Server 2003. The client computers at Testking.com run with the Windows Vista operating system.
st-
Ki
QUESTION NO: 117
ng
.co
Microsoft 70-640: Practice Exam E. The best option is upgrade the functional level from Windows Server 2003 to Windows 2008 server. Answer: A Explanation: You need to configure an email account in Active Directory Domain Services (AD DS) for the user. Doing this you will be able to configure AD RMS to enable users to use it and protect their documents. You can use Microsoft Word, Outlook, or PowerPoint in Microsoft Office 2007 to enable AD RMS. AD RMS can be integrated with other technologies such as smart cards. Reference : Active Directory Rights Management Services Overview http://technet2.microsoft.com/windowsserver2008/en/library/74272acc-0f2d-4dc2-876f15b156a0b4e01033.mspx?mfr=true
QUESTION NO: 118
You have received instructions from the CIO to install Active Directory Rights Management System (AD RMS) to give user authentication and to secure the documents and spreadsheets. What should you do?
A. The best option is to install AD RMS on TESTKING-DC01 and upgrade the XP computers to Windows Vista. B. The best option is to run the latest service pack on the XP Computers and then deploy the RMS client on all the computers. You should also install AD RMS on TESTKING-SR11. C. The best option is to run the latest service pack on the XP Computers and then deploy the RMS client on all the computers. You should also install AD RMS on TESTKING-DC01. D. The best option is to install AD RMS on TESTKING-SR11 and upgrade the Windows XP computers to Windows Vista. Answer: B Explanation:
Te
st-
Ki
The client computers at Testking.com run with the Windows XP and Windows Vista. The domain controllers at TestKing.com are running Windows server 2008 as seen in the following exhibit.
ng
You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run different operating systems that consist of Windows 2000, Windows 2003, and Windows 2008.
.co
81
Microsoft 70-640: Practice Exam You need to run the latest service pack on the XP Computers and then deploy the RMS client on all the computers. You should also install AD RMS on TESTKING-SR11. This will secure all documents, spreadsheets and user authentication. Furthermore, you cannot install the AD RMS on a Domain controller, only on a member server. Reference : Pre-installation Information for Active Directory Rights Management Services http://technet2.microsoft.com/windowsserver2008/en/library/878e9550-5966-40f3-862c7ea309ddb0ed1033.mspx?mfr=true Reference : Active Directory Rights Management Services Overview http://technet2.microsoft.com/windowsserver2008/en/library/74272acc-0f2d-4dc2-876f15b156a0b4e01033.mspx?mfr=true
QUESTION NO: 119 You are a newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of an Active directory forest. The functional level of the forest is set at Windows Server 2008. The client computers at TestKing.com run with the Windows Vista operating system. TestKing.com contains a server named TESTKING-DB04 that is running Microsoft SQL server 2005. TESTKING-DB04 is hosting the Active Directory Rights Management Service (AD RMS) which will allow the user to have access to the database service. However, when you open the AD RMS administration website, you received a message telling you that the SQL Server does not exist or access is denied. You need to access the AD RMS administration website to correct the problem. What should you do? (Choose TWO. Each answer forms part of a complete solution) A. You need to reboot the Internet Information Server (IIS). B. You need to install and configure Message Queuing. C. You need to start the MSSQLSVC service. D. You need to delete the AD RMS instance and the SQL server and reinstall it. Answer: A,C Explanation: You need to restart the internet information server (IIS) to correct the problem. The starting of the MSSQULSVC service will allow you to access the database from AD RMS administration website.
QUESTION NO: 120
Te
st-
Ki
ng
.co
82
Microsoft 70-640: Practice Exam You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 all client computers run Windows Vista. You have received instructions from the CIO to secure the documents and that the emails should use Microsoft Office 2007 Enterprise. What should you do? A. The best option is to install the Active Directory Rights Management Service (AD RMS). B. The best option is to install the Active Directory Federation Services (AD FS). C. The best option is to install the Active Directory Certificate Services (AD CS). D. The best option is to install the Active Directory Lightweight Directory Services (AD LDS). Answer: A Explanation: If you are using the Active Directory Rights Management Service (AD RMS), you can establisih the access of the users (open, read, modify, etc.). It can also be used to to secure email messages, internal websites, as well as documents.
QUESTION NO: 121
A. The best option is to install the Active Directory Lightweight Directory Services (AD LDS). B. The best option is to install the Active Directory Federation Services (AD FS). C. The best option is to install Active Directory Rights Management Service (AD RMS). D. The best option is to install Active Directory Certificate Services (AD CS). Answer: C Explanation: The Active Directory Rights Management Services will allow you to ascertain which access the users and administrators should have. You can also use this to secure email messages, internal websites, as well as documents. Incorrect Answers: A: You should not use the AD LDS. It enabled applications to store and retrieve information without needing the dependencies AD DS requires. B: You should not use the AD FS. This has the ability to do a single sign-on as well as accessing other networks without requiring a secondary password. "Welcome to Certification's Main Event" - www.test-king.com 83
Te
st-
You are an enterprise administrator for TestKing.com. The company runs Windows Server 2008 on all the servers on the network. A new security policy states that all documents and e-mails using Microsoft Office 2007 Enterprise needs to be secure. You need to install a service to accomplish this set requirement. Which service should you install?
Ki
ng
.co
Microsoft 70-640: Practice Exam D: You should not use the AD CS. This is use to configure services for issuing and managing public key certificates.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit Independent and Complete Self-Paced Solutions Section 3, Configure the read-only domain controller (RODC) (14 Questions)
QUESTION NO: 122 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Testking.com contains a RODC (read-only domain controller) server named TESTKING-DC01 that resides in a remote location. The remote location lack suitable physical security. You have received instructions from the CIO to activate and populate non-administrative accounts passwords on TESTKING-DC01.
Answer: A
Explanation: You need to configure the administrative accounts to be added in the Domain RODC Password Replication Denied Group, to populate TESTKING-DC01 with non-administrative accounts passwords. The password replication policy will act as a access control list. For nonadministrative passwords, you have to add the administrative accounts in the RODC password replication denied group so that the password could not be cached. The Password Replication policy lists the accounts that are permitted to be cached and the account that are denied from being cached.
QUESTION NO: 123 You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest. The servers on the TestKing.com network runs "Welcome to Certification's Main Event" - www.test-king.com
Te
st-
A. The best option is to add the administrative accounts in the Domain RODC Password Replication Denied group. B. The best option is to delete all administrative accounts from the RODC's group C. The best option is to configure the permission to Deny on Receive for administrative accounts on the security tab for Group Policy Object (GPO) D. The best option is to add a new GPO and enable Account Lockout settings. Thereafter you should link it to the remote RODC server and on the security tab on GPO. You should also check the Read Allow and the Apply group policy permissions for the administrators.
Ki
ng
.co
What should you do?
84
Microsoft 70-640: Practice Exam Windows Server 2008 and Windows server 2003. TestKing.com has its headquarters in Chicago and a branch office in Dallas. TestKing.com contains a server that has Active Directory Domain Services (AD DS) installed. The Dallas office does not have an administrator or IT personnel. You have received instruction from the CIO to setup a Read-Only Domain Controller (RODC) on the Server Core installation computer in Dallas. What should you do? A. You need to run an unattended installation of AD DS. B. You need to run an attended installation of AD DS. C. You need to run RODC through AD DS. D. You need to run AD DS by using the image of AD DS. Answer: A Explanation: You need to run an unattended installation of AD DS to setup RODC at the branch office. Domain Controllers can be installed very easily by using RODC. You can also install RODC on a Server Core installation of Windows Server 2008. However, you need to be a member of the Domain Admins group or authority to perform installation in order to install RODC. You should not perform an attended installation of AD DS because you won't be able to install RODC on a Server Core installation. Only unattended installations of AD D S can be performed to install RODC.
Testking.com contains a RODC (read-only domain controller) server named TESTKING-DC02 that resides in a remote location. A new TestKing.com security policy requires that no passwords and encryption keys be stored on TESTKING-DC02. You need to make sure that the passwords and encryption keys cannot be stored on TESTKING-DC02. What should you do? A. The best option is to set up RODC filtered attribute set on TESTKING-DC02. B. The best option is to set up RODC filtered set on the server that holds Schema Operations Master role. C. The best option is to set up forest functional level server for Windows server 2008 to configure filtered attribute set "Welcome to Certification's Main Event" - www.test-king.com 85
Te
You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008.
st-
QUESTION NO: 124
Ki
ng
.co
Microsoft 70-640: Practice Exam D. The best option is to delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain E. None of the above Answer: B,C Explanation: You need to configure a filtered attribute set. This will ensure that the critical credentials are not replicated. You also need to then set up the RODC filtered set on the server that holds Schema Operations Master role. If you want to set up filtered attribute, you need to use forest functional level server for Windows server 2008. This will also allow you to use a Windows Server 2003 domain controller to replicate the attributes. However, if forest functional level server is Windows Server 2008 then an RODC that is compromised cannot be exploited in this manner because domain controllers that are running WindowsServer2003 are not allowed in the forest. Reference : AD DS: Read-Only Domain Controllers / RODC filtered attribute set http://technet2.microsoft.com/windowsserver2008/en/library/ce82863f-9303-444f-9bb3ecaf649bd3dd1033.mspx?mfr=true
You are in the process of deploying a read-only domain controller named TESTKING-DC05 in the Dallas office. You receive an instruction from the CIO to allow all users located at the Dallas office access to TESTKING-DC05. You are also informed to notify those users to make use of TESTKING-DC05 to log onto the domain. What should you do? A. This can be accomplished by having a new RODC added at the Chicago office. B. This can be accomplished by making use of the Password Replication Policy on TESTKINGDC05. C. This can be accomplished by having a new bridehead server installed and configured in the Dallas office. D. This can be accomplished by installing and configuring a Password Replication Policy on the new RODC in the Chicago office. Answer: B "Welcome to Certification's Main Event" - www.test-king.com 86
Te
st-
You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com has its headquarters in Chicago and a branch office in Dallas.
Ki
ng
QUESTION NO: 125
.co
Microsoft 70-640: Practice Exam Explanation: You should use the Password Replication Policy on the RODC. This will allow the users at the Dallas office to log on to the domain with RODC. RODCs don't cache any user or machine passwords.
QUESTION NO: 126 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com has its headquarters in Chicago and branch offices around the globe. Each of the branch offices contains a dedicated read-only domain controller (RODC) and is configured as a separate active directory site. However, due to unforeseen circumstances, a RODC server was reported stolen. You need to recover the user accounts that resides on the RODC server.
Answer: A
QUESTION NO: 127 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com has its headquarters in Chicago and a branch office around the globe. Each of the branch offices contains a dedicated read-only domain controller (RODC) and is configured as a separate active directory site. You have received numerous complaints from the users that they cannot log onto their account. You need to make sure that the user accounts are kept in their local branch office RODC server. "Welcome to Certification's Main Event" - www.test-king.com 87
Te
Explanation: You can use the Active Directory Users and Computers to recover the user accounts cached on the stolen RODC server. The user accounts and OUs will reside on the Active Directory Users and Computers.
st-
Ki
ng
A. The best option is to use Active Directory Users and Computers. B. The best option is to use Dsmod.exe. C. The best option is to use Active Directory Sites and Computers. D. The best option is to use the Ntdstuil.exe with -ato parameter.
.co
What should you do?
Microsoft 70-640: Practice Exam What should you do? A. The best option is to set Allow on the Receive as permission only for the users cannot log on to their accounts, by opening the RODC computer account security tab. B. The best option is to add a password replication policy to the main Domain RODC. Thereafter you should add the user accounts in the security group. C. The best option is to set up and add a separate password replication policy on each RODC computer account. D. The best option is to set up a unique security group for each branch office and add user accounts to the particular security group. You should also add the security groups to the password replication allowed group on the main RODC server Answer: C Explanation: To ensure that the cached credential for user accounts are only stored in their local RODC server, you have to configure and add a separate password replication policy on each RODC computer account. By adding a separate PRP, the user accounts in each branch office will be able to authenticate their accounts.
QUESTION NO: 128
You are responsible for managing three domain controllers at the Phoenix office that is configured to run Windows Server 2003. The budget for a domain controller has been approved for the Miami office. You receive an instruction from the CIO to install a read-only domain controller named TESTKING-DC04 in the Miami office. What should you do? (Choose all that apply.) A. Your best option would be to have the adprep/ rodcprep command executed. B. Your best option would be to have a Windows Server 2008 domain controller installed at the Phoenix office. C. Your best option would be to have the domain functional level raised to Windows Server 2008. D. Your best option would be to have the forest functional level raised to Windows Server 2008. Answer: A,B
Te
st-
You are a newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest. The functional level of testking.com is set at Windows Server 2003. TestKing.com has its headquarters in Phoenix and a branch office in Miami.
Ki
ng
.co
88
Microsoft 70-640: Practice Exam QUESTION NO: 129 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Testking.com contains a headquarters and a remote location. However, the remote location does not have any technical staff. You need to deploy a domain controller is such a way that a users in the remote location can manage it. What should you do? A. The best option is to install a Read-only domain controller (RODC). B. The best option is to install a Primary domain controller (PDC). C. The best option is to install a Backup domain controller (BDC). D. The best option is to install a Normal domain controller (DC). Answer: A
QUESTION NO: 130
What should you do? A. The best option is to install a Domain controller. B. The best option is to install a Global Catalog. C. The best option is to install a Read-only domain controller. D. The best option is to install a Universal Group Membership Caching Server. Answer: C Explanation: A read-only domain controller (RODC) provides an organization with the capability to have a domain controller installed in an area or setting (on or offsite) where security is a factor. "Welcome to Certification's Main Event" - www.test-king.com 89
Te
You are employed as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Testking.com contains a headquarters and numerous remote locations. However, the users in the remote location logs on to their own site, however, security can be a problem. You need to sort out this problem.
st-
Ki
ng
Explanation: Only in a Read-only domain controller (RODC), a user can receive the administrator role for a RODC only.
.co
QUESTION NO: 131 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com has its headquarters in Chicago and quite a few branch offices in the region. The offices at TestKing.com lack suitable physical security. You need to provide the users with the directory services that are suitable in a security that is not known. What should you do? A. The best option is to use Active Directory Federation Services. B. The best option is to use Read-only domain controllers. C. The best option is to use Lightweight Directory Services. D. The best option is to use Active Directory Rights Management Services. Answer: B,C
Reference : Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 132 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com has its headquarters in Miami and quite a few branch offices in the region. The branch offices at TestKing.com each contain a RODC. Due to lack of man power in one of the branch offices, you have relocated a few users to that branch office. The users need to logon in to the branch office and need to authenticate over the WAN link to the information center. What should you do? (Choose all that apply) "Welcome to Certification's Main Event" - www.test-king.com
Te
st-
Explanation: You need to use the Active Directory Federation Services and Active Directory Rights Management Services. The reason or this is the authentication between domains and document security. You also should use the Read-only domain controllers. This will allow the accounts of the users' authentications to be cached on the server. The Lightweight Directory Services will not all full Active Directory features are needed.
Ki
ng
.co
90
Microsoft 70-640: Practice Exam A. The best option is to add the users to the Log On Locally security policy of the Default Domain Controllers Policy GPO. B. The best option is to add the users to the Allowed RODC Password Replication Group. C. The best option is to use the Prepopulate Passwords. D. The best option is to add the users to the Password Replication Policy tab of the branch office RODC. Answer: C,D Explanation: You should use the Password Replication Policy tab. This will identify the credentials that can be cached by RODC. Prepopulating the credentials will ensure that the RODC is able to authenticate the users. Doing this will result in the fact that the users wont need to forward the authentication to the data center on the WAN link. Incorrect Answers: A: The users do not need the permission to log on locally to the branch office domain controller. B: The Allowed RODC Password Replication Group will identify the users whose credentials are cached on any RODC. These users have to log on to only one of the branch offices.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 133
TestKing.com has its headquarters in Chicago and a branch office in Miami. However, due to unforeseen circumstances, a RODC server was reported stolen. You need to find out which user credentials were stored on the RODC. What should you do? A. The best option is to look in the Resultant Policy tab. B. The best option is to recover the information from the membership of the Denied RODC Password Replication Group. C. The best option is to recover the information from the membership of the Allowed RODC Password Replication Group. D. The best option is to look in the Policy Usage tab. Answer: D
Te
st-
Ki
ng
.co
91
Microsoft 70-640: Practice Exam Explanation: The Policy Usage tab will report the accounts that are stored on the RODC. Incorrect Answers: A: You should not use the Resultant Policy tab. It will not specify whether the users' credentials are cached. B: You should not use the Denied RODC Password Replication Group. It will only specify whose credentials are not cached on any RODC in the domain. C: You should not use the Allowed RODC Password Replication Group. It will identify the users whose credentials are cached on any RODC in the domain.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 134 You are employed as the exchange administrator at TestKing.com. The TestKing.com network contains an Exchange 2007 Organization. TestKing.com has its headquarters in Dallas and a branch office in Miami. You are in the process of deploying a read-only domain controller (RODC) in the Miami office. The RODC at the Miami office is named TESTKING-DC06. TESTKING-DC06 is configured to run Windows Server 2008. You receive an instruction from the CIO to make sure that the users use TESTKING-DC06 to logon to the domain. What should you do?
Answer: A
QUESTION NO: 135 You are an enterprise administrator for TestKing.com. The company currently has a Windows Server 2003 R2 domain running on the network. You want to install a read-only domain controller into the structure of your Directory Services. You want to accomplish this without upgrading your domain to Windows Server 2008 Directory Services. You thus have to determine a way to add RODC on your network. What should you do?
Te
A. Your best option would be to configure the Password Replication Policy on TESTKING-DC06. B. Your best option would be to decrease the replication interval for the connection objects using the Active Directory Sites and Services console. C. Your best option would be to ensure that another RODC is added to the Miami office. D. Your best option would be to configure a new bridgehead server in the Dallas office.
st-
Ki
ng
.co
92
Microsoft 70-640: Practice Exam A. You need to change the forest functional level to Windows Server 2008 mixed mode. B. You need to run adprep on a Windows Server 2003 R2 domain controller. C. You need to upgrade the domain to a Windows Server 2008 Directory Services domain. D. You need to change the domain functional level to Windows Server 2008 mixed mode. Answer: B Explanation: The scenario can be accomplished by running adprep on a Windows Server 2003 R2 domain controller by using Windows Server 2008 media. Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008 Section 4, Configure Active Directory Federation Services (AD FS) (13 Questions)
QUESTION NO: 136 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. A new TestKing.com security policy requires that revoked certificate information should be examined. You receive an instruction from the CIO to make sure that the revoked certificate information is available continuously.
A. The best option is to use network load balancing and publish an OCSP responder. B. The best option is to enable users to accept peer certificates and link a GPO to the domain that you have configured. C. The best option is to use a GPO in order to publish a list of trusted certificate authorities. D. The best option is to configure and publish an OCSP (Online certificate status protocol) responder through ISAS (Internet Security and Acceleration Server) array. Answer: A Explanation: You should use the network load balancing and publish an OCSP responder. This will ensure that the revoked certificate information will be available at all times. You do not need to download the entire CRL to check for revocation of a certificate; the OCSP is an online responder that can receive a request to check for revocation of a certificate. This will also speed up certificate revocation checking as well as reducing network bandwidth tremendously.
QUESTION NO: 137
Te
st-
Ki
What should you do?
ng
.co
93
Microsoft 70-640: Practice Exam You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com consists of a software evaluation lab. TestKing.com contains a server named TESTKING-SR11 that runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. Furthermore, TESTKING-SR11 has 150 virtual servers running on an isolated virtual segment to evaluate software. TESTKING-SR11 uses a physical network interface card to access the Internet. . A new TestKing.com security policy requires that the IP address space used by the software evaluation lab must not be used by other networks and that the IP address space used by other networks should not be used by the evaluation lab network. However, you noticed that the applications tested in the software evaluation lab need to access the normal network to connect to the vendors update servers on the internet. You need to configure all virtual servers on TESTKING-SR11 to access the internet and still to comply with the new TestKing.com security policy. What should you do? (Choose TWO. Each answer forms part of the solution) A. The best option is to trigger the Virtual DHCP server for the external virtual network and use the ipconfig/renew command on each virtual server. B. The best option is to activate the Internet Connection Sharing (ICS) on TESTKING-SR11's physical network interface. C. The best option is to use TestKing.com intranet IP addresses on all virtual servers. D. The best option is to add and install a Microsoft Loopback Adapter network interface on TESTKING-SR11. You should also use a new network interface and create a new virtual network. Answer: A,D
Explanation: You need to trigger the virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server. If you doing this, it will let the virtual servers comply with the new Testking.com security policy. You should also add and install Microsoft Loopback adapter network interface on TESTKING-SR11. Create a virtual network using the new interface, you need to configure the Virtual DHCP server for the external virtual network, and a set of IP addresses are assigned to the virtual servers on TESTKING-SR11. Furthermore, when you run the ipconfig/renew command, a IP addresses will be renewed. The Microsoft Loopback adapter network interface will ensure that the IP address space used by other networks are not been used by the virtual servers on TESTKING-SR11. You create a new virtual network on the new network interface which will enable you to access internet.
Te
st-
Ki
ng
.co
94
Microsoft 70-640: Practice Exam QUESTION NO: 138 You are a newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of an Active Directory forest with a single domain. TestKing.com hosts their applications on the perimeter network of TestKing.com. TestKing.com contains a domain member server that has the Active Directory Federation Services (AD FS) role installed. The TestKing.com management wants single sign-on to all applications hosted on the perimeter network. You receive an instruction from management to configure the AD FS trust policy in order to populate AD FS tokens with the user data from the Active directory domain. What should you do? A. The best option is to add and configure a new organization claim. B. The best option is to add and configure a new account store. C. The best option is to add and configure a new account partner. D. The best option is to add and configure a new application. Answer: B
Reference : Active Directory Federation Services http://msdn2.microsoft.com/en-us/library/bb897402.aspx
QUESTION NO: 139 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a server named TESTKING-SR11 that has the Active Directory Federation Services (AD FS) role installed. You have received instructions from the CIO to test the "Welcome to Certification's Main Event" - www.test-king.com 95
Te
Explanation: You need to add and configure a new account store. With this you can configure the AD FS trust policy to populate AD FS tokens with employee's information from Active directory domain. AD FS allows the secure sharing of identity information between trusted business partners across an extranet. When a user needs to access a Web application from one of its federation partners, the user's own organization is responsible for authenticating the user and providing identity information in the form of "claims" to the partner that hosts the Web application. The hosting partner uses its trust policy to map the incoming claims to claims that are understood by its Web application, which uses the claims to make authorization decisions. Because claims originate from an account store, you need to configure account store to configure the AD FS trust policy.
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam connectivity of clients in the network to make sure that they can reach the new Federation server and that the Federation server is operational. What should you do? (Choose all that apply) A. The best option is to check if Active Directory Federation Services is running, in the Services tab. B. The best option is to look for event ID 674 in the event viewer, Applications, Event ID column. C. The best option is to type the Federation Service URL for the new federation server, in a browser window. D. None of the above Answer: B,C Explanation: To test the connectivity of clients in the network to ensure that they can successfully reach the new Federation server and Federation server is operational, you can look for event ID 674. This event verifies that the federation server was able to successfully communicate with the Federation Service. You can also open a browser window, and then type the Federation Service URL for the new federation server. The Federation Server Service page should appear along with a list of links that identify the Web methods that the Federation Service uses. The Federation Service URL should include the Domain Name System (DNS) host name of the federation server. Reference : Event ID 674 - Trust Policy and Configuration http://technet2.microsoft.com/windowsserver2008/en/library/71705c30-e97f-4e36-92abd33175bf588d1033.mspx?mfr=true Reference : Verify That a Federation Server Is Operational http://technet2.microsoft.com/windowsserver2008/en/library/ecf28b0c-014d-4b8c-a579fb12cca347b41033.mspx?mfr=true
QUESTION NO: 140 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a two-node Network Load Balancing cluster named web.TestKing.com. The two-node Network Load Balancing cluster provides load balancing and high availability of the intranet website. During a routine monitoring, you notice that the users can view the Network Load "Welcome to Certification's Main Event" - www.test-king.com 96
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam Balancing cluster in their Network Neighborhood. You also notice that they to connect to various services by using web.TestKing.com. On further investigation you notice the Network Load Balancing cluster has only one port rule configured. You have received instructions from the CIO to configure the web.TestKing.com NLB cluster to accept HTTP traffic only. What should you do? (Choose TWO. Each answer forms part of the complete solution) A. The best option is to make use of the Network Load Balancing Cluster console and create a new rule for TCP port 80. B. The best option is to make use of the wlbs disable command on the cluster nodes C. The best option is to make use of the NLB Cluster console and assign a unique port rule for NLB cluster. D. The best option is to make use of the Network Load Balancing Cluster console and delete the default port rules. Answer: A,D Explanation: You need to create a new rule for TCP port 80. It will then accept HTTP traffic only. You should also delete the default port rules through NLB Cluster console.
QUESTION NO: 141
A newly appointed inexperienced enterprise administrator wants to know which of the following Active Directory Service will provide Internet-based clients a secure identity access solution that will be able to operates on both Windows and non-Windows operating systems. What should you reply? A. You should tell the newly appointed inexperienced enterprise administrator that the Active Directory Rights Management Service (AD RMS) offers Internet-based clients a secure identity access solution which operates on both Windows and non-Windows operating systems. B. You should tell the newly appointed inexperienced enterprise administrator that the Active Directory Lightweight Directory Service (AD LDS) offers Internet-based clients a secure identity access solution which operates on both Windows and non-Windows operating systems. C. You should tell the newly appointed inexperienced enterprise administrator that the Active Directory Domain Services (AD DS) offers Internet-based clients a secure identity access solution which operates on both Windows and non-Windows operating systems. "Welcome to Certification's Main Event" - www.test-king.com 97
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam D. You should tell the newly appointed inexperienced enterprise administrator that the Active Directory Federation Services (AD FS) offers Internet-based clients a secure identity access solution which operates on both Windows and non-Windows operating systems. Answer: D Explanation: Active Directory Federation Services (AD FS) supplies Internet-based clients with a secure identity access solution which operates on both Windows and non-Windows operating systems. AD FS also offers users the power to do a single sign-on (SSO) as well as access applications on other networks devoid of requiring a secondary password.
QUESTION NO: 142 You work as an enterprise administrator at TestKing.com. You receive an instruction from management to implement an Active Directory domain as well as the Active Directory Domain Services (AD DS) on the network. A newly appointed network technician wants to know what is needed to install Active Directory. What should you reply? A. The Active Directory requires DNS. B. The Active Directory requires DHCP. C. The Active Directory requires WINS. D. The Active Directory requires RIS. Answer: A
Explanation: DNS is a requirement of Active Directory. DNS can be installed before or in the course of the installation of Active Directory. DHCP, WINS, as well as RIS are all non-compulsory and are not essential services that can run on a network.
QUESTION NO: 143 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. During the course of the day you receive an instruction from management to install Active Directory Domain Services (AD DS). What should you reply?
Te
st-
Ki
ng
.co
98
Microsoft 70-640: Practice Exam A. The Server Manager is needed to install the Active Directory Domain Services (AD DS). B. The System Manager is needed to install the Active Directory Domain Services (AD DS). C. The Dcpromo.exe is needed to install the Active Directory Domain Services (AD DS). D. The Add/Remove Programs is needed to install the Active Directory Domain Services (AD DS). Answer: A Explanation: Server Manager permits an administrator to have server roles and features installed as well as configure them to view information regarding server configuration. Incorrect Answers: B: The System Monitor is used to create charts and graphs of the server performance trends. C: The Dcpromo.exe is used to promote a server to a domain controller. D: The Add/Remove Programs to add or remove a program.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
What should you do?
Answer: B Explanation: Active Directory Federation Services offers users the capability to perform a SSO as well as gain access to applications on other networks devoid of a secondary password.
QUESTION NO: 145 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. A new TestKing.com policy requires that a server virtualization should be used to add fault tolerance to your servers and to save money. You need to determine the role"Welcome to Certification's Main Event" - www.test-king.com 99
Te
A. The best option is to use the Active Directory Domain Services. B. The best option is to use the Active Directory Federation Services. C. The best option is to use the Active Directory Lightweight Directory Services. D. The best option is to use the Active Directory Rights Management Services.
st-
Ki
ng
You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. You have received instruction from the CIO to set up a single sign-on (SSO) to access several applications.
.co
QUESTION NO: 144
Microsoft 70-640: Practice Exam based utilities that are included with Windows Server 2008. What should you do? A. The best option is to use the Virtualization-H. B. The best option is to use the Hyper-V. C. The best option is to use the Hyper-Virtualization. D. The best option is to use the Virtualization Manager. Answer: B Explanation: Hyper-V which is a hyper visor based virtualization feature. It support machine virtualization. Making use of machine virtualization permits a company with the ability to reduce costs, to improve server utilization and to have a more-dynamic IT infrastructure created.
QUESTION NO: 146
What should you do?
A. It will not connect to the Windows Server 2003 R2 Directory Services. B. It will not connect to the Lightweight Directory Services. C. It will not connect to the Windows Server 2003 Directory Services. D. It will not connect to any of the above. Answer: C Explanation: Active Directory Federation Services was not introduced until the R2 release of Windows Server 2003. Active Directory Federation Services is able to connect to LDS and Windows Server 2003 DS. Active Directory Federation Services is able to connect to LDS and Windows Server 2003 R2.
Te
st-
There are approximate 2,000 employed at TestKing.com. Due to a new partnership with another organization TestKing.com need to expand. You need to make sure that authentication between both companies does not need extra sign-on accounts. However, the new partner company has various Directory Services installed throughout their company. You need to identify the service the Active Directory Federation Services (AD FS) cannot connect to.
Ki
ng
.co
100
Microsoft 70-640: Practice Exam Reference : Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 147 You are the newly appointed network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional and the rest run Windows Vista. You are responsible for managing the Windows Server 2008 environment of TestKing.com. At present the Enterprise Root certificate authority (CA) is used throughout the network. To ensure productivity management wants you to make sure that the revoked certificates is accessible for all testking.com users that have the necessary permissions. What should you do?
Answer: A
QUESTION NO: 148 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com has a federation relationship with a company named Courseware Publishers that was implemented with the use of Federation Services with Windows Server 2003 R2. You have also made use of the federation service with named accounts to better the security. However, due to an upgrade to AD FS, you notice that the named account used to run the service is removed and replaced with the Network Service account. You need to find out what has happened.
Te
st-
A. You should consider making use of Network Load Balancing in order to create an Online Certificate Status Protocol (OCSP). B. You should consider having a new GPO created for testking.com users in order to trust peer certificates. Thereafter the GPO should be linked to the domain. C. You should consider making use of GPO in order to circulate the trusted certificate authorities list. D. You should consider making use of an Internet Security and Acceleration Server array in order to create an Online Certificate Status Protocol (OCSP).
Ki
ng
.co
101
Microsoft 70-640: Practice Exam What happened? A. It could be that Network Service is the default service account used in an AD FS installation or upgrade. B. It could be that Courseware Publishers contains a policy that states that the federation services should be run with the Network Service account. C. It could be that you are not able to use named service accounts to run the AD FS service. D. It could be that Microsoft favors using Network Service account to run federation services. Answer: A Explanation: During an installation the named service account is automatically replaced by the Network service account. You need to reset the service account for all Active Directory Federation Services. Incorrect Answers: B: The policies will affect the servers on Courseware Publishers' network not TestKing.com. C: All services make use of a named service account to run. D: Network Service accounts have limited access rights to the local computer. It is not a best practice and Microsoft does not enforce it.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 149
During the course of the day you perform your routine maintenance on TESTKING-DC01 by opening the Microsoft Management Console (MMC). You have later discovered that the Active Directory Schema snap-in us not available. TestKing.com requested that you ensure access to the Active Directory Schema snap-in. What should you do? A. You should consider having the Active Directory Lightweight Directory Services (AD LDS) role added to TESTKING-DC01. B. You should consider having the Ntdsutil.exe command executed at the command prompt and connect to the Schema Master Operations master. C. You should consider having Schmmgmt.dll registered. D. You should consider having a member account of the Schema Administrators group used to log on. "Welcome to Certification's Main Event" - www.test-king.com 102
Te
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-DC01 configured as a domain controller.
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam Answer: C Explanation: Section 2, Maintain Active Directory accounts (8 Questions)
QUESTION NO: 150 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from TestKing.com to log on to a client computer that has been offline for a year. You later started the computer and attempted to log on as the administrator and receive an error message stating that authentication failed. TestKing.com wants you to ensure that you are able to log on and use the computer. What should you do?
Answer: C
Explanation: In the scenario you should have the computer disjoined from the domain and rejoined to the domain whilst having the computer account reset as well. You should additionally note that the long inactivity caused the computer to stop responding to the authentication query using the Active Directory records. You should note by disjoining and rejoining with the account being reset would refresh the computer account passwords.
QUESTION NO: 151 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows "Welcome to Certification's Main Event" - www.test-king.com 103
Te
st-
A. You should consider having the netsh command run at the command prompt on the computer. You should then have the machine options set. B. You should consider having the netsh trust/reset command run at the command prompt. You should then join the computer to the domain again. C. You should consider having the computer disjoined from the domain. You should then rejoin the computer to the domain and reset the computer account. D. You should consider having the computer account deleted from the organizational unit. You should then have the account added to the organizational unit.
Ki
ng
.co
Microsoft 70-640: Practice Exam Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of two computers named TESTKING-DC01 and TESTKING-DC02 configured as domain controllers. During the course of the day you receive instruction from TestKing.com to have the Audit account management policy and Audit directory services access settings enabled. TestKing.com has additionally requested that you make sure Active Directory objects modifications are logged by ensuring that the modifications displays the new and old values of the elements. What should you do? A. Your best option would be to have Audipol.exe executed. Thereafter the default domain policy disabled. B. Your best option would be to have the Audit Directory services access setting as well as the directory service modifications enabled. C. Your best option would be to have the Audit account management policy disabled. Thereafter the Audit account management policy should be re-enabled. D. Your best option would be to have Auditpol.exe executed. Thereafter the security settings of the domain controllers organizational unit should be configured. Answer: D
QUESTION NO: 152
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day a TestKing.com network user named Rory Allen attempted to log on to the domain by using his client computer and user account. However, he receives an error message stating: "This account has expired. Contact your administrator to reactivate the account" TestKing.com has requested that you ensure that Rory Allen is able to log on to the domain using the Rory Allen user account. What should you do? "Welcome to Certification's Main Event" - www.test-king.com 104
Te
st-
Ki
Explanation: In order to make sure the changes made to active directory objects are logged and the logs show the old and new values of any attribute. Audipol.exe should be run and the security settings configured for the domain controllers Organizational Unit.
ng
.co
Microsoft 70-640: Practice Exam A. You should consider having the properties of the Rory Allen user account opened. You should then have the default domain policy modified to decrease the duration of account lockout. B. You should consider having the password option changed to never expire in the Rory Allen user account properties. C. You should consider having the properties of the Rory Allen user account opened. You should then have the option to "Never Expire" changed. D. You should consider having the properties of the Rory Allen user account opened. You should then have the Logon Hours setting extended. Answer: C
QUESTION NO: 153 DRAG DROP You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you discover that TestKing.com accidentally deleted an organizational unit and its child objects. TestKing.com has requested that you perform the required actions in sequence to solve the problem. What should you do? (Move appropriate actions to the answer area at the right whilst arranging them in the correct order
Te
st-
Ki
ng
.co
105
Microsoft 70-640: Practice Exam Answer:
QUESTION NO: 154
You have later determined that the users accounts exist and are enabled and the passwords are correct. TestKing.com recently requested that you identify the cause of the problem whilst ensuring that the network users are able to lo on using their accounts. What should you do? A. You should consider having the Active Directory Domains and Trusts utility used. B. You should consider having the Rstools utility used. C. You should consider having the Repadmin utility used. D. You should consider having the Rsdiag utility used.
Te
During the course of the day you receive instruction from TestKing.com to create one hundred user accounts created for users located across three different sites. The TestKing.com network users have later reported that they receive the error message below when trying to log on: "The username or password is incorrect"
st-
Ki
ng
.co
106
Microsoft 70-640: Practice Exam Answer: C
QUESTION NO: 155 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. You are responsible for a domain controller named TESTKING-DC01. During the course of the day you discovered that some Active Directory Lightweight Directory Access Protocol (LDAP) clients are making use of too much CPU resources on TESTKING-DC01. TestKing.com wants you to identify the LDAP resources consuming the CPU resources. What should you do?
Answer: C
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com has recently requested that you take on the responsibilities managing help desk calls and basic user account management. During the course of the day you receive instruction to add a new user named Rory Allen to have permission to reset passwords for all users in a specific OU. TestKing.com has recently requested that you have Rory Allen not capable of making permission changes for the object within other OU's in the domain. What should you do? A. You should consider having the Rory Allen's login account moved to an OU containing the OU. You should then have the parent OU of the one requiring administering referred. "Welcome to Certification's Main Event" - www.test-king.com 107
Te
QUESTION NO: 156
st-
Ki
ng
A. You should consider having the LAN Diagnostics Data Collector Set run. You should then have the LAN Diagnostics report reviewed. B. You should consider having the Hardware Events log reviewed in the Event Viewer. C. You should consider having the Active Directory Diagnostics Data Collector set. You should then have a review of the Active Directory report run. D. You should consider having the Resource Monitor opened and review the performance data.
.co
Microsoft 70-640: Practice Exam B. You should consider having the Delegation of Control Wizard used to assign the necessary permissions on the OU that requires being administered. C. You should consider having a special administration account created within the OU. You should then have full permissions granted to the OU for all objects within Active Directory. D. You should consider having the Rory Allen login account moved into the OU which requires being administered. Answer: B Explanation: The Delegation of Control Wizard is designed to permit administrators the ability to have permissions on specific Active Directory objects organized.
QUESTION NO: 157 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from TestKing.com to make use of the Active Directory Users and Computers tool in order to view the objects within an OU. TestKing.com is aware that you created several groups and computers within this OU but the users are currently only showing. The TestKing.com management wants to know what the explanation for this could be. What would your reply be?
A. You should inform TestKing.com that the filtering option which specifies that only User objects should be shown set. B. You should inform TestKing.com that the Group and Computer accounts are never used and therefore are not shown C. You should inform TestKing.com that the Active Directory Users and Computers tool normally does not show groups and computers. D. You should inform TestKing.com that an alternative systems administrator locked the groups, stopping others from entering them. Answer: A Explanation: The filtering option causes other objects to be undetected yet they still exist. Another explanation which does not one form part of the choices would be if a higher-level systems administrator modified the administrator's permissions making use of the Delegation of Control Wizard. "Welcome to Certification's Main Event" - www.test-king.com 108
Te
st-
Ki
ng
.co
Section 3, Create and apply Group Policy objects (GPOs) (8 Questions)
QUESTION NO: 158 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from TestKing.com to create an organizational unit named Products hosting two global groups named KingSales and KingSecurity. TestKing.com has recently additionally asked you to apply desktop restrictions to the KingSecurity group whilst ensuring that the KingSales group does not have the desktop restrictions applied. You started by creating a GPO named KingLockdown and linked it to the Products OU. What should you do?
Answer: C
QUESTION NO: 159 TestKing.com has an Active Directory forest which runs Windows Server 2008. It has branch offices all around the world. The forest includes finance organizational units for offices in the following locations:New YorkLondonAmsterdamRome Each location has a child organizational unit named finance. The finance organizational unit hosts all the users and computers in the finance department. The offices in London, Amsterdam and New York are connected by T1 connections. However, the "Welcome to Certification's Main Event" - www.test-king.com 109
Te
A. You should consider having the Allow Apply Group Policy permission set for the Local domain users on KingLockdown GPO. B. You should consider having the Allow Apply Group Policy permission set for the Authenticated Users on KingLockdown GPO. C. You should consider having the Deny Apply Group Policy permission set for the KingSales on the KingLockdown GPO. D. You should consider having the Deny Apply Group Policy permission set for the KingSecurity Executives on the KingLockdown GPO.
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam office in Rome is connected by a 128-Kbps ISDN connection. TestKing.com has instructed you to install an application on all computers in the finance department. Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution) A. This can be accomplished by assigning the application to the computers after a Group Policy object was created. Thereafter the GPO should be linked to the finance OU. B. This can be accomplished by having the slow link detection setting in the GPO disabled. C. This can be accomplished by assigning the application to the users in the OU after a Group Policy object was created. Thereafter the GPO should be linked to the finance OU. D. This can be accomplished by having the slow link detection setting modified to 2,544 Kbps (T1) in the GPO. Answer: A,D
QUESTION NO: 160
What should you do? A. You should consider having the Group Policy Results utility run for the computer. B. You should consider having the Group Policy Results utility run for Rory Allen. C. You should consider having the GPRESULT /SCOPE COMPUTER command run at the command prompt. D. You should consider having the GPRESULT /S <system name> /Z command run at the command prompt. Answer: B
Te
During the course of the day you receive instruction from TestKing.com to create two linked GPO's for the network which will be used to publish the new KingSales application. A network user named Rory Allen has recently reported that the KingSales application is not available for installation when logging on. TestKing.com wants you to verify whether the GPO has been applied to Rory Allen.
st-
Ki
ng
.co
110
Microsoft 70-640: Practice Exam QUESTION NO: 161 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The newly appointed Paris office trainee named Rory Allen has recently asked you what the process is known as when lower-level Active Directory objects becomes the heir to Group Policy settings from higher-level Active Directory objects. What would your reply be? A. You should inform Rory Allen that the process is known as Cascading permissions. B. You should inform Rory Allen that the process is known as Overriding. C. You should inform Rory Allen that the process is known as Delegation. D. You should inform Rory Allen that the process is known as Inheritance. Answer: D
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The newly appointed Paris office trainee named Rory Allen has recently asked you at which level(s) would you assign GPO settings that requires being overriden at the domain level. What would your reply be? A. You should inform Rory Allen that you would assign the settings at the Domain level. B. You should inform Rory Allen that you would assign the settings at the OU ans Site levels. C. You should inform Rory Allen that you would assign the settings at the OU level. D. You should inform Rory Allen that you would assign the settings at the Site level. Answer: C Explanation: "Welcome to Certification's Main Event" - www.test-king.com 111
Te
st-
QUESTION NO: 162
Ki
ng
Explanation: Inheritance is the process whereby lower-level Active Directory objects become heir to GPO settings from higher-level ones. You should always be aware of how inheritance will apply to your Active Directory hierarchy when you are configuring GPOs.
.co
Microsoft 70-640: Practice Exam GPO's at the OU level attain priority over GPO's at the domain level. GPO's at the domain level, in turn, attain priority over GPO's at the site level.
QUESTION NO: 163 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The newly appointed Paris office trainee named Rory Allen has recently asked you which of the processes listed below are able to assign permissions to set Group Policy for the objects within the KingUsers OU. What would your reply be? A. You should inform Rory Allen that the Delegation process is able to assign permission to set Group Policy for objects within the KingUsers OU. B. You should inform Rory Allen that the Filtering process is able to assign permission to set Group Policy for objects within the KingUsers OU. C. You should inform Rory Allen that the Promotion process is able to assign permission to set Group Policy for objects within the KingUsers OU. D. You should inform Rory Allen that the Inheritance process is able to assign permission to set Group Policy for objects within the KingUsers OU. Answer: A
QUESTION NO: 164 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All domain controllers at TestKing.com run Windows Server 2003. TestKing.com has its headquarters in Paris where you are located. Due to company growth the company opens another office in London. You receive notification from management to move the existing user as well as computer objects to another organizational unit in the London office. You need to recommend to management a plan of action that will accomplish this. What should you do? (Choose all that apply.) "Welcome to Certification's Main Event" - www.test-king.com 112
Te
Explanation: The Delegation of Control Wizard can be utilized to permit other systems administrators permission to have GPO links added to an Active Directory object.
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam A. You should recommend that the DSmod utility be run. B. You should recommend that the Active Directory Migration Tool (ADMT) be run. C. You should recommend that the Active Directory Users and Computers utility be run. D. You should recommend that the move-item command be run. Answer: A,C
QUESTION NO: 165 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. The TestKing.com network contains 100 client computers. TestKing.com acquires an application that needs to be deployed on 75 client computers. In order to install this application you need to change the registry data on the 75 client computers. The .adm extension file holds the necessary registry modifications. You receive an instruction to prepare these 75 computers for the deployment of the newly acquired application. What should you do?
A. Your best option would be to ensure that the Microsoft Windows PowerShell script is created in order to copy the .adm file to the startup folder of the 75 client computers. B. Your best option would be to ensure that the Microsoft Windows PowerShell script is created in order to copy the .adm file to the 75 client computers. Thereafter the REDIRUsr CONTAINER-DN command should be run on the 75 client computers. C. Your best option would be to ensure that the Microsoft Windows PowerShell script is creates in order to copy the .adm file to the 75 client computers. Thereafter the REDIRCmp CONTAINER-DN command should be run on the 75 client computers. D. Your best option would be to ensure that the .adm file is imported into a new GPO. Thereafter the GPO should be edited and linked to the OU that include the 75 client computers. Answer: D Explanation: Section 4, Configure GPO templates (1 Questions)
QUESTION NO: 166 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All domain controllers on the "Welcome to Certification's Main Event" - www.test-king.com 113
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. TestKing.com deploys three Windows Server 2008 servers that are configured as DNS servers. The ADMX files of TestKing.com are stored in the ADMX central store. A TestKing.com user named Rory Allen has been assigned the duty to deal with all domain based group policy objects. During the course of the day you receive an instruction from TestKing.com to ensure that Rory Allen's client computer is able to edit domain-based GPO's. What should you do? A. You should consider having the client computer of Rory Allen upgraded to Windows Vista. B. You should consider having .NET Framework 3.0 installed on the client computer of Rory Allen. C. You should consider having the user account of Rory Allen added to the Domain Admins group. D. You should consider having a folder created on the Primary Domain Controller (PDC) emulator in the PolicyDefinitions path. Answer: A
Explanation: Section 5, Configure software deployment GPOs (8 Questions)
TestKing.com has recently created an organizational unit and child organizational unit named KingAccounts in each office. TestKing.com has additionally informed you that the KingAccounts organizational unit contains the user and computer accounts for each respective office. During the course of the week you receive instruction from TestKing.com to install an application named KingApp to client computers in the KingAccounts organizational unit by creating a GPO named KingSales. What should you do? A. Your best option would be to have KingSales configured. Then KingApp needs to be published to the user account. Thereafter KingSales should be linked to KingAccounts in every office. B. Your best option would be to have KingSales configured. Then KingApp needs to be assigned to the computer account. "Welcome to Certification's Main Event" - www.test-king.com 114
Te
st-
Ki
QUESTION NO: 167
ng
.co
Microsoft 70-640: Practice Exam Thereafter KingSales should be linked to KingAccounts in every office. C. Your best option would be to have KingSales configured. Then KingApp needs to be assigned to the user account. Thereafter KingSales should be linked to KingAccounts in every office. D. Your best option would be to have KingSales configured. Then KingApp needs to be assigned to the computer account to the computer account. There KingSales should be linked to the testking.com domain. Answer: B
QUESTION NO: 168 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista and Windows XP Professional. During the course of the day you receive instruction from TestKing.com to ensure that the network users in the London and Paris office are able to install approved applications and updates on their client computers in their respective offices. What should you do? (Choose two)
A. You should consider having automatic updates configured in the control panel of the offices client computers. B. You should consider having a GPO created and linked to the server. You should then have the GPO configured to automatically search for updates on Microsoft update site. C. You should consider having a GPO created and linked to the domain. You should then have the GPO configured to direct client computers to the Microsoft WSUS server for approved updates. D. You should consider having the Microsoft WSUS application installed on a server in the environment. You should then have the WSUS server configured to search for new updates on the internet whilst approving all required updates. Answer: C,D
QUESTION NO: 169 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows "Welcome to Certification's Main Event" - www.test-king.com 115
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam Server 2008 and all client computers run Windows Vista. TestKing.com has recently created an organizational unit named KingProducts which has a child organizational object named KingSales. TestKing.com has additionally created a GPO named Sales Application and linked it to the KingProducts OU. During the course of the day you receive instruction from TestKing.com to create a shadow group for the KingSales organizational unit whilst ensuring that the SalesApplication is not deployed to network users in the KingSales OU. What should you do? (Choose two) A. You should consider having the Block Inheritance setting configured on the KingSales organizational unit. B. You should consider having security filtering configured on the SalesApplication GPO to Deny. You should then have the group policy applied for the KingSales OU. C. You should consider having the Enforce setting configured on the SalesApplication GPO. D. You should consider having the Block Inheritance setting configured on the KingProducts organizational unit. Answer: A,B
QUESTION NO: 170
A newly appointed trainee named Rory Allen in the Paris office asked you which of the statements below are correct regarding the action occurring when software packages are removed from an OU which has been linked to a GPO named KingSales. What would your reply be? A. You should inform Rory Allen that the effect would be determined by the systems administrator. B. You should inform Rory Allen that the effect would be determined by the current user. C. You should inform Rory Allen that the application would be uninstalled for every user within the OU. D. You should inform Rory Allen that the current application installations would not be affected by the changes made. Answer: A
Te
st-
Ki
ng
.co
116
Microsoft 70-640: Practice Exam Explanation: The systems administrator has the ability to state whether the application will be uninstalled or if future installations will be disallowed.
QUESTION NO: 171 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from TestKing.com to verify that only the POS's set at the OU level are affecting the Group Policy settings for the object in the KingSales OU. A newly appointed trainee named Rory Allen in the London office asked you which of the options presented below can be used to ensure that the GPO settings are unchanged for the objects in the OU. What would your reply be?
Answer: D
Explanation: The Block Policy Inheritance option avoids group policies of higher-level Active Directory objects from pertaining to lower-level objects providing the Enforced option is not set.
QUESTION NO: 172 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The newly appointed trainee named Mia Hamm in the Paris office has recently asked you which permission should be applied to ensure the GPO settings are disabled for the KingSecurity group in the London office. What would your reply be? "Welcome to Certification's Main Event" - www.test-king.com 117
Te
st-
Ki
A. You should inform Rory Allen that the best option would be to use the Disable option setting. B. You should inform Rory Allen that the best option would be to use the Deny permission. C. You should inform Rory Allen that the best option would be to use the Enforced option setting. D. You should inform Rory Allen that the best option would be to use the Block Policy Inheritance option.
ng
.co
Microsoft 70-640: Practice Exam A. You should inform Mia Hamm that the Apply Group Policy permission enabled. B. You should inform Mia Hamm that the Apply Group Policy permission disabled. C. You should inform Mia Hamm that the Write permission denied. D. You should inform Mia Hamm that the Write permission allowed. Answer: B Explanation: In order to disable the application of Group Policy on a security group the Apply Group Policy option should be disabled. This is particularly effective when you don't want GPO settings to be applied to a specific group, although that group might be in an OU that comprises of the GPO settings.
QUESTION NO: 173 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The TestKing.com network currently consists of one hundred nodes. During the course of the day you receive instruction from TestKing.com to create software packages to roll out the KingSales application to the network users whilst ensuring when network users log on that the required updates are automatically installed. TestKing.com additionally requested that you toll out the exact set of updates to five of the network nodes. What should you do?
A. You should consider having an organizational unit created for the five computers to separate them from the rest of the client computers. B. You should consider having a Sites and Services subnet grouping created for the five computers to separate them from the rest of the client computers. C. You should consider having a policy created which deploys to the five computers. D. You should consider having a group assignment created through Adminisrtative Tools for the five computers to separate them from the rest of the client computers. Answer: A Explanation: An OU is a container object which can be used for administering an Active Directory database. OUs have Active Directory objects. OUs can be used to help build organizations into your directory thus being able to roll out software updates to groupings of users' computers. OUs facilitate the assigning of administration to very definite subtrees of the directory. OUs are capable of being "Welcome to Certification's Main Event" - www.test-king.com 118
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam departments or groups and can be used to structure and manage your network in such a way that has a company's business organization reflected.
QUESTION NO: 174 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client workstations run Windows XP Professional and the rest run Windows Vista. A new TestKing.com policy dictates that only approved application updates is installed on the client computers. You receive an instruction from TestKing to make sure that clients are able to install the application updates that was approved by management. What should you do? (Choose all that apply.)
Answer: B,C
Explanation: Section 6, Configure account policies (4 Questions)
QUESTION NO: 175 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com has recently created an organizational unit for both respective offices. During the course of the day you receive instruction from TestKing.com to ensure that administrators located at the branch office is able to create and apply GPO. You need to make sure that they are only "Welcome to Certification's Main Event" - www.test-king.com 119
Te
st-
A. Your best option would be to configure Automatic Updates on the client computers. B. Your best option would be to ensure that a GPO is created and linked to the domain. Thereafter the GPO should be configured in order direct the client workstations to the Microsoft WSUS server for approved updates. C. Your best option would be to ensure that the Microsoft WSUS application is installed on the server in the forest. Then the server needs to be configured to search for the latest updates on the Internet. Thereafter the necessary updates should be approved. D. Your best option would be to that a GPO is created and linked to the domain controller OU. Thereafter the GPO should be configured to automatically search for updates on the Internet.
Ki
ng
.co
Microsoft 70-640: Practice Exam able to accomplish this within their organizational unit. What should you do? (Choose two) A. You should consider having the Delegation of Control Wizard executed and delegate the right to link GPO's for the Paris office organizational units to the Paris office administrators. B. You should consider having the Delegation of Control Wizard executed and delegate the right to links GPO's for the domain to the Paris office administrators. C. You should consider having the branch administrators added for each organizational unit in the Managed by Tab settings. D. You should consider having the Paris office administrator's user accounts added in the Group Policy Creator Owners Group. Answer: A,D
QUESTION NO: 176
What would your reply be?
A. You should inform Rory Allen that the Domain Controllers folder in Active Directory Users And Computers tool would be used. B. You should inform Rory Allen that the Foreign Security Principals folder in Active Directory Users And Computers tool would be used. C. You should inform Rory Allen that the Users folder in Active Directory Users And Computers tool would be used. D. You should inform Rory Allen that the Computers folder in Active Directory Users And Computers tool would be used. Answer: B Explanation: When resources are made available to users who reside in domains outside the forest, Foreign Security Principal objects are automatically created. These new objects are stored within the ForeignSecurityPrincipals folder. "Welcome to Certification's Main Event" - www.test-king.com 120
Te
st-
The newly appointed trainee named Rory Allen in the Paris office recently asked you which folders the network users outside the forest use when using the Active Directory Users And Computers tool when the users have been granted access to resources in the domain.
Ki
ng
.co
QUESTION NO: 177 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and Windows Server 2003 and all client computers run Windows Vista. During the course of the day you received instruction from TestKing.com to have Windows Server 2008 deployed to the Paris office server which currently runs Windows Server 2003. A newly appointed trainee named Mia Hamm in the Paris office asked you which Active Directory objects would permit functionality when considering having a management structure created. What should you do? A. You should inform Mia Hamm that the Domains Active Directory Object would permit functionality. B. You should inform Mia Hamm that the Organizational units (OU's) Active Directory Object would permit functionality. C. You should inform Mia Hamm that the Containers Active Directory Object would permit functionality. D. You should inform Mia Hamm that the Forests Active Directory Object would permit functionality.
QUESTION NO: 178 You are the lead systems administrator for TestKing.com. You have been request to delegate permissions to a user in the SALES OU. Which of the following tools should be used to achieve this functionality? A. In Active Directory Sites And Services. The OU should be right-clicked wherever you wish to delegate permissions and select Delegate Control. B. In Active Directory Trusts And Domains. The OU should be right-clicked wherever you wish to delegate permissions and select Delegate Control. C. In Active Directory Users And Computers. The OU should be right-clicked wherever you wish to delegate permissions and select Delegate Control. "Welcome to Certification's Main Event" - www.test-king.com 121
Te
Explanation: OUs are particularly essential to Active Directory's logical design. OUs permit you the ability to delegate permissions, apply security, and much more.
st-
Answer: B
Ki
ng
.co
Microsoft 70-640: Practice Exam D. In Active Directory Domains And Forests. The OU should be right-clicked wherever you wish to delegate permissions and select Delegate Control. Answer: C Explanation: In the occurrence of you needing to delegate controls, you could use Active Directory Users and Computers, right click the OU where you want to delegate permissions, and select Delegate Control. Section 7, Configure audit policy by using GPOs (11 Questions)
QUESTION NO: 179 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The TestKing.com network currently uses three domain controllers named TESTKING-DC01, TESTKING-DC02 and TESTKING-DC03 configured as file servers. During the course of the day you receive instruction from TestKing.com to install the KingSales application on the file servers. You later installed the KingSales application and one of the file servers shuts down itself. TestKing.com recently requested that you trace and verify what the problem could be. To comply with TestKing.com you created a GPO named Report which requires changing the domain security settings to trace the shutdown to identify the cause. What should you do?
A. You should consider having the Report GPO linked to the domain. You should then have the Audit Object Access option enabled. B. You should consider having the Report GPO linked to the Domain Controllers. You should then have the Audit Object Access option enabled. C. You should consider having the Report GPO linked to the domain. You should then have the System Events option enabled. D. You should consider having the Report GPO linked to the Domain Controllers. You should then have the Audit Process tracking option enabled. Answer: C Explanation: In order to change the domain security settings to trace the shutdowns and identify the cause of it, you should link the Group Policy Object to the domain and enable System Events option. The system events will track the problem and tell you what is causing the shutdowns. "Welcome to Certification's Main Event" - www.test-king.com 122
Te
st-
Ki
ng
.co
QUESTION NO: 180 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com has recently created an organizational unit in the domain named KingServers which contains three computers named TESTKING-SR01, TESTKING-SR02 and TESTKING-SR03. During the course of the day you travel to the Paris office to assist the administrator by generating a Group Policy Object (GPO). TestKing.com has recently requested that you have the created GPO linkes to the KingServers organizational unit. What should you do?
Answer: A
Explanation: In order to monitor the network connections to the servers in security organizational unit, you should start the Audit Logon Events option. The Audit logon event is a security setting that decides whether to audit each instance of a user logging on or off from a computer. Basically, the account logon events are generated on domain controllers to monitor the domain account activity and local account activity on local computers. If you enable both account logon and logon audit policy categories, the domain account logons will generate a logon or log off event on a server or a workstation and they will generate a logon or log off event on the domain controller. So if you start the Audit logon events option, you will be able to monitor the network connections to the servers in security organizational unit.
Te
st-
A. You should consider having the Audit Logon Events option started to monitor the network connections to the servers. B. You should consider having Audit process tracking option started to monitor the network connections to the servers C. You should consider having Audit Object Access option started to monitor the network connections to the servers D. You should consider having Audit System Events option started to monitor the network connections to the servers
Ki
ng
.co
123
Microsoft 70-640: Practice Exam QUESTION NO: 181 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com has recently acquired twenty portable computers with wireless network cards installed. During the course of the day you receive instruction from TestKing.com to create an organization unit named Portable with a GPO and configure the user profiles by utilizing the names of approved wireless networks. You later decided to have the GPO linked to the Portable OU. The network users using the portable computers recently reported that they are unable to access wireless networks. What should you do? A. You should consider having the gpupdate/boot command executed at the command prompt of the portable computers to enforce the group Policy wireless settings B. You should consider having each portable computer connected to the wire network. You should then log off the portable computer and log back on to enforce the group Policy wireless settings. C. You should consider having the gpupdate/target:computer command executed at the command prompt of the portable computers to enforce the group Policy wireless settings. D. You should consider having the Add a neteork command executed. You should then leave the Service Set Identifier (SSID) blank to enforce the group Policy wireless settings. Answer: B
QUESTION NO: 182
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 to store payroll related sensitive documents. During the course of the day you receive instruction from TestKing.com to configure TESTKING-SR01 to have the payroll documents audited to guarantee that no unauthorized users are accessing the sensitive documents. What should you do? "Welcome to Certification's Main Event" - www.test-king.com 124
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam A. You should consider having Privilege use utilized. B. You should consider having Object tracking utilized. C. You should consider having Process access utilized. D. You should consider having Policy change utilized. Answer: B Explanation: To audit documents (objects) the auditing on object access needs to be enabled thereafter you can audit successes or failures.
QUESTION NO: 183 You are employed as the enterprise administrator at TestKing.com. The company runs Windows Server 2008 on all the servers on the network. The TestKing domain contains 8 file servers that have computer accounts in the KingServers OU. There is a GPO named TKserverConfig is linked to KingServers. Four of the servers contain a folder named KingData1. Due to company growth TestKing hired part time users to assist with the workload. You need to ensure that the users are unable to access KingData1. You thus configure the permissions on KingData1 to prohibit the users from accessing it. You want to audit any attempts by the users to open or manipulate the folder. What should you do? A. Add the audit entries to KingData1 to a failed Full Control access. B. Add the audit entries to KingData1 in order to audit successful Full Control access. C. Evaluate the entries in the Security logs on the domain controllers. D. Define the Audit Object Access policy in TKserverConfig. E. Define the Audit Object Access policy in the Default Domain Controllers GPO. F. Evaluate the entries in the Security logs on every file server. G. Define the Audit Directory Service Access policy in TKserverConfig. Answer: A,D,F Explanation: You need to configure the auditing entries on the Confidential Data folder. When you audit failures to Full Control access it will create audit events for any failed type of access. Object Access auditing should be enabled on file servers. The Server Configuration GPO will then be scoped in order to apply to all file servers. In the security logs of every file server the file system access events will appear. The scenario states that permissions were configured to not allow users access. There will thus be no successful attempts to audit. "Welcome to Certification's Main Event" - www.test-king.com 125
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam File system access events will be logged on the file servers and not the domain controllers. You have to apply the audit policy setting to the file servers and not the domain controllers. The Directory Service Access audit policy relates to modifications to objects in AD not a folder on a disk subsystem. Reference : Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 184 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. Due to company growth TestKing employs contractual workers to ease the work load. The contractual employees are members of a global group named PartTimeUsers. There are four file servers on the network that is configured to run Windows server 2008. These servers hold the confidential information of the company in shared folders. To prevent unauthorized users of accessing these file servers you decide to place them in an organizational unit (OU). This OU is named TKSecure. A new TestKing.com security policy requires that any attempts by contractual workers to access the confidential information needs to be recorded. You need to identify a way to accomplish this. What should you do? (Choose all that apply.) A. You should ensure that the file servers are added to the auditing tab on all the shared folders of the four file servers. Thereafter the Failed Full control setting should be configured in the Auditing Entry dialog box. B. You should ensure that PartTimeUsers is added to the Auditing tab on all the shared folders of the four file servers. Thereafter the Failed Full control setting should be configured in the Auditing Entry dialog box. C. You should ensure that a GPO is created and linked to TKSecure. Thereafter the Audit object access Failure audit policy setting should be configured. D. You should ensure that a GPO is created and linked to TKSecure. Thereafter the Audit privilege use Failure audit policy setting should be configured. Answer: B,C
Te
st-
Ki
ng
.co
126
Microsoft 70-640: Practice Exam QUESTION NO: 185 You are employed as a network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. The TestKing.com network contains an organizational unit (OU) named Sales. A number of file servers is locates in Sales. Sales contain a folder named Financials. The financial data on the file servers is located on Financials. You decide to create a GPO to determine which users access the financial data on the servers in Sales. What should you do? A. Your first step should be to ensure that the Audit object access option is enabled. Then the newly created GPO should be linked to the domain. Thereafter Auditing for the Authenticated Users group in Financials should be configured on the domain controllers. B. Your first step should be to ensure that the Audit process tracking option is enabled. Then the newly created GPO should be linked to the Domain Controllers OU. Thereafter Auditing for the Authenticated Users group in Financials should be configured on the file servers. C. Your first step should be to ensure that the Audit object access option is enabled. Then the newly created GPO should be linked to Sales. Thereafter Auditing for the Everyone group in Financials should be configured on the file servers. D. Your first step should be to ensure that the Audit process tracking option is enabled. Then the newly created GPO should be linked to Sales. Thereafter Auditing for the Everyone group in Financials should be configured on the file servers. Answer: C
QUESTION NO: 186 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you receive instruction from TestKing.com to configure a GPO named Anti-Virus which ensure that Anti-Virus software are installed on all client computers in both offices. A newly appointed trainee named Mia Hamm in the Paris office asked you if this was possible if you are granted full access to the computers and Active Directory.
Te
st-
Ki
ng
.co
127
Microsoft 70-640: Practice Exam What should you do? A. You should inform Mia Hamm that a GPO should be created with required settings and linked to all organizational units which have computer accounts. You should then have the options to assign the applications set to the workstations. B. You should inform Mia Hamm that the C. You should inform Mia Hamm that this process would not be possible. D. You should inform Mia Hamm that a GPO should be configured at the domain level. You should then have the application published to the workstations. Answer: C Explanation: The scenario states that management wants the application to be installed on all the workstations. You are not able to use a group policy to install software on domain controllers.
Management has excluded domain controllers from the request in this scenario. Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008
QUESTION NO: 187
TestKing.com has recently acquired a new UNIX administrator in the Paris office. During the course of the day the UNIX administrator in the Paris office requested that have the password history setting increased in the London office. What would your reply be? A. You should inform the UNIX administrator in the Paris office that there is no maximum setting and that he should supply you with a specific number. B. You should inform the UNIX administrator in the Paris office that the Enforce password history setting will be increased to 24. C. You should inform the UNIX administrator in the Paris office that the default setting is the maximum. "Welcome to Certification's Main Event" - www.test-king.com 128
Te
st-
Ki
ng
.co
You are not able to use a group policy to install software on domain controllers and neither can it be used to publish applications to workstations.
Microsoft 70-640: Practice Exam D. You should inform the UNIX administrator in the Paris office that the Enforce password history setting will be increased to 48. Answer: C Explanation: As soon as you install Active Directory the default value for the Enforce password history setting is set to the maximum. The maximum number is 24. Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008
QUESTION NO: 188 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista, TestKing.com has recently deployed the KingSales application to client computer on the Paris office by assigning the application to workstations in the Paris office organizational unit. During the course of the day whilst performing routine maintenance you discover that the KingSales application failed to install on some client computers in the Paris office. You later verified that that the KingSales application installed on some client computers. TestKing.com wants you to ensure that the KingSales application is installed on all client computers in the Paris office. What should you do?
A. You should consider having a forced removal of the KingSales application performed. B. You should consider having the MSI file deleted and re-create the KingSales deployment object in Group Policy. C. You should consider having the MSI file modified and redeploy the KingSales application. D. You should consider having each client computer manually troubleshoot to identify the error. Answer: C Explanation: As soon as a deployment fails and the installation is left in an inconsistent state you need to fix the redeployed software. Incorrect Answers: A: The forced removal of the software that was partially installed will not be effective. B: When you delete the deployment package in the Active Directory it will leave you with no ability to manage the failed installation. D: Ultimately it would be necessary for you to troubleshoot every computer but the first thing you "Welcome to Certification's Main Event" - www.test-king.com 129
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam should attempt is redeployment.Reference: Syngress.The.Real.MCTS.MCITP.Exam.70648.Prep.Kit.Mar.2008
QUESTION NO: 189 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com has recently approached you about their concerns about the possible weaknesses of password security on the TestKing.com network. During the course of the day you receive instruction from TestKing.com to ensure that the network users change their passwords every 26 days whilst having twelve passwords per annum by modifying the Default Domain Policy. What should you do? (Choose two)
Explanation: When you set the Maximum password age option to 28 users will have to change their password every 28 days. When you set the Minimum password age option to 14 will prohibit the users from changing their passwords until 14 days after the last password change. Incorrect Answers: A: When you set Enforce password history option to 10 in conjunction with the Maximum password age option and the Minimum password age option will ensure that users are able to use five unique passwords per year. B: Disabling the Password must meet complexity requirements option will have no effect on the amount of times the users need to change their passwords or the numerous passwords the system has to remember.Reference: Syngress.The.Real.MCTS.MCITP.Exam.70648.Prep.Kit.Mar.2008
QUESTION NO: 190 You are a newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. The client computers at Testking.com run Windows Vista "Welcome to Certification's Main Event" - www.test-king.com 130
Te
st-
Ki
Answer: C,D
ng
A. You should consider having the Enforce password history option set to 10. B. You should consider having the Password must meet complexity requirements option disabled. C. You should consider having the Minimum password age option set to 14. D. You should consider having the Maximum password age option set to 26
.co
Microsoft 70-640: Practice Exam Ultimate. TestKing.com is making use of Windows Cardspace. However, you want to use Windows Cardspace on your system at home that is running Windows Vista Ultimate, to make your work easy. You need to create a backup copy of Windows Cardspace cards. What should you do? A. The best option is to use your administrator account and copy \Windows\ServiceProfiles folder to your USB drive. B. The best option is to backup the data on your USB drive by using the Windows Cardspace application. C. The best option is to use a backup status from Backup \Windows\Globalization folder and save the folder on your USB drive. D. The best option is to use the backup status tool on your USB drive and back up the system state data. E. The best option is to reformat the C: Drive Answer: B
You can also use Windows CardSpace to backup cards data to a storage medium. You should not backup the system state data by using backup status tool on your USB drive. It is not related to the scenario mentioned above. You should not backup \Windows\Globalization folder by using backup status and save the folder on your USB drive because backup status will not be able to backup the data on to any storage device .
QUESTION NO: 191 You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. An Organizational unit (OU), on a domain controller, was by mistake deleted by a junior enterprise administrator. The best option for you is to use a non-authoritative restore before an authoritative "Welcome to Certification's Main Event" - www.test-king.com 131
Te
st-
Explanation: You need to use the Windows Cardspace application to backup the data on your USB drive. Windows Cardspace creates relationships with website and online services. Windows CardSpace provides a unique way for sites to request information from you to review the identity of a site to manage your information by using information cards to review card information before you send it.
Ki
ng
.co
Microsoft 70-640: Practice Exam restore of the OU. You need to perform a non-authoritative restore of Active Directory Domain Services (AD DS) without disrupting the other data stored on domain controller. What should you do? A. The best option is to backup of all the volumes. B. The best option is to use a Critical volume backup. C. The best option is to backup of the volume that hosts Operating system. D. The best option is to backup of AD DS folders. Answer: B Explanation: If you do not want to disrupt the data stored on domain controller, you need to use a critical volume backup to perform non-authoritative restore of AD DS. You must first complete a non-authoritative restore before performing an authoritative restore of AD DS. You must ensure that the replication does not occur after non-authoritative restore. You must do a critical-volume backup before you perform a non-authoritative restore. To prevent the replication from occurring after the non-authoritative and to perform the authoritative restore portion of the operation, you must restart the domain controller in Directory Services Restore Mode and perform the authoritative restore at the domain controller that you are restoring. You should start the domain controller normally after performing the authoritative restore of AD DS. You should also synchronize replication with all replication partners.
An Organizational unit (OU), in the Active Directory database that hosts 4000 objects, was by mistake deleted by a junior enterprise administrator. Backup of the system state data was usually done with third-party backup software. You then start the domain controller in the Directory Services Restore Mode (DSRM) to restore the backup. You need to do an authoritative restore of the OU and restore the domain controller as it was. What should you do? (Choose THREE. The answer should be in a sequence. Drag and drop the appropriate action into the sequential order)
Te
You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008.
st-
QUESTION NO: 192 DRAG DROP
Ki
ng
.co
132
Answer:
Explanation:
Te
st-
Ki
ng
.co
133
Microsoft 70-640: Practice Exam You need to do a non-authoritative restore first before attempting to do a authoritative restore on the Active Directory objects. You should also make use of the ntdsutil authoritative restore command to mark the objects to be restored as authoritative, before you restart the domain controller. The sequence of the steps should be as follows: Perform a restore of system state data to time before the organizational unit was deleted Run Ntdslutil utility Start Domain Controller Service in Services (local) Microsoft Management Console (MMC)
Reference : How to Restore Windows Server 2003 Active Directory http://www.petri.co.il/restore-windows-server-2003-active-directory.htm Reference : Performing an Authoritative Restore of Deleted AD DS Objects http://technet2.microsoft.com/windowsserver2008/en/library/f4e9ee21-ee35-4650-acca798555c0c32c1033.mspx?mfr=true
QUESTION NO: 193
What should you do?
A. The best option is to add your user account to the local Backup Operators group B. The best option is to use the Server Manager feature and install the Windows Server backup feature. C. The best option is to use the Server Manager feature and install the Removable Storage Manager feature. D. The best option is to deactivating the backup job that is configured to backup TESTKING-DC01 on the Windows 2003 server. Answer: B Explanation:
Te
TestKing.com contains a domain controller named TESTKING-DC01 that is regularly backed up via the network by using a dedicated backup server that runs the Windows Server 2003 operating system. You have received instructions from the CIO to prepare TESTKING-DC01 for disaster recovery. However, if you want to back up the system state data for the data controller, the backup utility does not want to run. You need to back up the system state from TESTKING-DC01.
st-
Ki
ng
You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. Most servers on the TestKing.com network run Windows Server 2008.
.co
134
Microsoft 70-640: Practice Exam You need to use the Server Manager feature and install the Windows Server backup feature. With this you can backup system state data from TESTKING-DC01. the Windows Server Backup is not there by default, you need to install it. You must install it by using the Add Features option in Server Manager. Reference : What's New in AD DS Backup and Recovery? http://technet2.microsoft.com/windowsserver2008/en/library/67f18955-c504-4d63-9f849b8c25d428e81033.mspx?mfr=true
QUESTION NO: 194 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a file server named TESTKING-SR10 that has four hard disks, configured as basic disks. You have received instructions from management to configure Redundant Array of Independent Disks (RAID) 0 +1 on TESTKING-SR10.
Answer: A
Explanation: To convert basic disks to dynamic disks on TESTKING-SR10, you need to use Diskpart.exe utility.
Reference : Managing and Troubleshooting Desktop Storage / Basic Disks http://www.informit.com/articles/article.aspx?p=332154
QUESTION NO: 195 You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a domain controller named TESTKING-DC01. One of your job functions at "Welcome to Certification's Main Event" - www.test-king.com 135
Te
st-
A. The best option is to use Diskpart.exe to convert basic disks to dynamic disks. B. The best option is to use Chkdsk.exe to convert basic disks to dynamic disks. C. The best option is to use Fsutil.exe to convert basic disks to dynamic disks. D. The best option is to use Fdisk.exe to convert basic disks to dynamic disks.
Ki
ng
What should you do?
.co
Microsoft 70-640: Practice Exam TestKing.com encompasses managing TESTKING-DC01. During the course of the business day you receive an instruction from management to have the Directory Services Recovery Mode (DSRM) password on TESTKING-DC01 reset. You thus need to identify the appropriate tool that will accomplish this. What should you do? A. The best option is to use the Active Directory Security for Computers snap-in. B. The best option is to use the ntdsutil utility. C. The best option is to use the Netsh utility. D. The best option is to use the Domain Controller security snap-in. Answer: B Explanation: You should use the ntdsutil utility to reset the DSRM password. You can use Ntdsutil.exe to reset this password for the server on which you are working, or for another domain controller in the domain. Type ntdsutil and at the ntdsutil command prompt, type set dsrm password. Reference: http://support.microsoft.com/kb/322672
QUESTION NO: 196
TestKing.com contains a domain controller named TESTKING-DC02 that is also a backup server. It has a 500 GB hard disk that contains three partitions. A new TestKing.com policy required that the domain controller should be backed up every day. However, due to hard disk failure, you replaced the hard disk with the same partitions and capacity. After installing the media, you choose the repair your computer option. You need to restore the operating system and all the other files. What should you do? A. The best option is to do the startup repair. B. The best option is to run the System Restore. C. The best option is to do the Disk defragment. D. The best option is to run the webadmin utility. Answer: D
Te
st-
You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008.
Ki
ng
.co
136
Microsoft 70-640: Practice Exam QUESTION NO: 197 You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. You have received instructions from the CIO to perform an authoritative restore the entire Active Directory database. What should you do? A. The best option is to restore active directory. B. The best option is to restore database. C. The best option is to restore subtree. D. The best option is to restore all. Answer: B Explanation: The restore database command directs the ntdsutil application to execute an authoritative restore of the whole Active Directory database.
A. The best option is to perform auditing. B. The best option is to restore tapes. C. The best option is to use a recovery disk. D. The best option is to enter safe mode and then restore from tape. Answer: A Explanation: The Microsoft Windows Server 2008 auditing feature allows you to view the new and the old values of the object and its characteristics. Once you have viewed the old values it is possible restore them.
QUESTION NO: 199 "Welcome to Certification's Main Event" - www.test-king.com 137
Te
What should you do?
st-
You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. You have accidentally altered a user's group settings. You need to restore the default settings.
Ki
ng
QUESTION NO: 198
.co
Microsoft 70-640: Practice Exam You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a domain controller named TESTKING-DC01. You have just completed the backup of the system state on TESTKING-DC01. However, a few days after the backup, you have received instructions from the CIO to restore the system state. What should you do? A. The best option is to log on to TESTKING-DC01 and run wbadmin.exe to restore the system state. B. The best option is to first stop the Active Directory Domain Services and run the wbadmin.exe to restore system state. C. The best option is to restart TESTKING-DC01 and go into DSRM and run wbadmin exe to execute the system state restore. D. The best option is to use the Windows Server Backup Wizard and restore system state. Answer: C
QUESTION NO: 200
You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a domain controller named TESTKING-DC02. You have received instruction from the CIO to backup TESTKING-DC02 to a DVD. What should you do? A. The best option is to use the Windows Server Backup Wizard and choose the System State Backup and set your target to DVD. B. The best option is to use the wbadmin.exe with the start systemstatebackup command and then target it to the DVD drive. "Welcome to Certification's Main Event" - www.test-king.com 138
Te
st-
Explanation: You must be in DSRM to recover the system state of TESTKING-DC01. To use the wbadmin.exe command, you must be in DSRM. Incorrect Answers: A: You cannot restore TESTKING-DC01 in normal mode. B: If you stop the AD DS, it will not allow you to restore the system state. D: The Windows Server Backup Wizard does not specifically restore the system state.Reference: MCTS Self-Paced Training Kit (Exam 70 640): Configuring Windows Server 2008 eBook
Ki
ng
.co
Microsoft 70-640: Practice Exam C. The best option is to use the Windows Server Backup Wizard and choose a local drive as the target and copy the system state backup to the DVD drive. D. The best option is to use the wbadmin.exe with the start systemstatebackup command. You should also set the target to the local fixed drive and copy the system state backup to a DVD. Answer: D Explanation: If you run the wbadmin.exe, it will allow you to run the system state backups. However, you need to target the local drives. To make a DVD backup, you need to manually copy the system state backup to the DVD drive. Incorrect Answers: A: You need to user the wbadmin.exe command, not the Windows Server Backup. B: You need to target a local drive. C: You need to user the wbadmin.exe command, not the Windows Server Backup.Reference: MCTS Self-Paced Training Kit (Exam 70 640): Configuring Windows Server 2008 eBook
QUESTION NO: 201
What should you do?
A. The best option is use the local administrators account to log on to the server. B. The best option is use another user's domain administrator's account to log on to the server. C. The best option is use the DSRM administrators account and password to log on. D. The best option is change the domain administrator's password from another domain controller and log on using the account with the new password. Answer: C Explanation: You need to use the DSRM administrators account and password to log on. You should then use the DCPROMO wizard and convert the server into a domain controller.
Te
TestKing.com contains a domain controller named TESTKING-DC03. During a routine monitoring you notice that Active Directory database file on TESTKING-DC03 is corrupt. Yu then plan to use the non-authoritative restore on TESTKING-DC03 and reboot a server into DSRM to log onto as the domain administrator. However, it does not allow you to log on. You need to backup TESTKING-DC03 as quick as possible.
st-
Ki
ng
You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008.
.co
139
Microsoft 70-640: Practice Exam Incorrect Answers: A: The local administrator account does not exist on a domain controller. B: You should use the DSRM account. You cannot use the Domain admin accounts to log on to the server in the DSRM mode. D: You should use the DSRM account. You cannot use the Domain admin accounts to log on to the server in the DSRM mode.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit Independent and Complete Self-Paced Solutions
QUESTION NO: 202 You are working as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. Due to unforeseen circumstances a technician accidentally deleted a user account. Furthermore the error has replicated to the other domain controllers. You have received instructions from the CIO to retrieve the user account. What should you do?
A. The best option is to restart the domain controller into DSRM and restore the system state. You should then do an authoritative restore of the user account from the most recent backup by running the wbadmin.exe command. B. The best option is to stop the Active Directory Domain Services on the domain controller in normal mode and load the Windows Server Backup and restore system state. Thereafter, run a non-authoritative restore of the user account. C. The best option is to restart the domain controller into DSRM and restore the system state. You should then do a non-authoritative restore of the user account from the most recent backup by running the wbadmin.exe command. D. The best option is to stop the Active Directory Domain Services on the domain controller in normal mode and load the Windows Server Backup and restore system state. Thereafter, run an authoritative restore of the user account. Answer: A Explanation: You should run an authoritative restore of the user account from the most recent backup by running the wbadmin.exe command. This will also prevent it from being overwritten by directory replication. Incorrect Answers: B: You cannot use the Windows Server Backup to execute an authoritative restore via the GUI. C: The non-authoritative restore will bring back the user account. But if directory replication took place, it will be deleted. "Welcome to Certification's Main Event" - www.test-king.com 140
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam D: You cannot use the Windows Server Backup to execute an authoritative restore via the GUI.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 203 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. The Finance department of TestKing.com contains an organizational unit named King Finance. In turn, King Finance contains a separate OU for TKWorkstations, TKGroups and TKClients. At present KingFinance is backed up every evening. During routine monitoring you discover that a newly appointed administrator deleted TKGroups. You receive an instruction from the CIO to ensure that the organizational unit is restored without affecting TKClients and TKWorkstations. What should you do?
Answer: D
QUESTION NO: 204
You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Testking.com contains a server that has the Windows Backup and Restore utility installed. However, the TestKing.com management wants to know which of the following command can be used to create a full backup of all system state data to the DVD drive (E: drive). What should you reply? A. You should tell management that the Wbadmin enable backup -addtarget:R: /quiet command will allow you to create a full backup of all system state data to the DVD. "Welcome to Certification's Main Event" - www.test-king.com 141
Te
st-
Ki
A. Your best option would be to execute a non-authoritative restore of TKGroups. B. Your best option would be to execute a non-authoritative restore of KingFinance. C. Your best option would be to execute an authoritative restore of KingFinance. D. Your best option would be to execute an authoritative restore of TKGroups.
ng
.co
Microsoft 70-640: Practice Exam B. You should tell management that the Wbadmin enable backup addtarget:C: /quiet command will allow you to create a full backup of all system state data to the DVD. C. You should tell management that the Wbadmin start backup allCritical backuptarget:C: /quiet command will allow you to create a full backup of all system state data to the DVD. D. You should tell management that the Wbadmin start backup allCritical backuptarget:E: /quiet command will allow you to create a full backup of all system state data to the DVD. Answer: D Explanation: You need to run the Wbadmin start backup allCritical backuptarget:E: /quiet command to create a full backup of all system state data to the DVD drive. Furthermore the Wbadmin will allow you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt. Incorrect Answers: A: Wbadmin start backup runs a one-time backup. If you are not using any parameters, it will use the settings from the daily backup schedule. B: The allCritical includes all critical volumes that contain operating system's state. You can use it when -backupTarget is specified. Here the backupTarget isDVD drive (E: drive) on the server, so you need to specify backuptarget:E: C: /quiet runs the subcommand without any prompts to the userReference: Wbadmin start backuphttp://technet2.microsoft.com/windowsserver2008/en/library/4b0b3f32-d21f-4861-84bbb2eadbf1e7b81033.mspx?mfr=true
QUESTION NO: 205
TestKing.com contains a file server named TESTKING-SR12 that contains critical files, which can be accessed by using the Previous Versions tab. However, while you were restoring the critical files, management wants to know the progress of the restoration. You need to view the progress of the restoration. What should you do? A. The best option is to open the Computer Management and click on Sessions under the Shared Folders node. B. The best option is to open the Computer Management and click on Open Files under the Shared Folders node in.
Te
st-
Ki
ng
.co
142
Microsoft 70-640: Practice Exam C. The best option is to run vssadmin.exe query reverts on the command prompt. D. The best option is to run shadow.exe /v on the command prompt. Answer: C Explanation: You need to run the vssadmin.exe query reverts from the command prompt. This will show the progress of the restoration. Reference : Rapid Recovery with the Volume Shadow Copy Service / Command-Line Management http://technet.microsoft.com/en-us/magazine/cc196308.aspx
QUESTION NO: 206 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a member server named TESTKING-SR10 that contains the Fin_Records folder on the D: drive. The latest backup that was run was on 02/28/2009-10:00. However, due to unforeseen circumstances the folder, Fin_Records was corrupted. You need to restore Fin_Records without affecting other folders on TESTKING-SR10.
A. The best option is to run the Wbadmin start recovery -version: 02/28/2009-10:00 -itemType:File -items:d:\Fin_Records -overwrite -recursive -quiet command. B. The best option is to run the Wbadmin start recovery -backuptarget:D: -version: 02/28/200910:00-overwrite -quiet command. C. The best option is to run the Recover d:\ Fin_Records command. D. The best option is to run the Wbadmin restore catalog -backuptarget:D: -version: 02/28/200910:00-quiet command. Answer: A Explanation: You need to run the Wbadmin start recovery -version: 02/28/2009-10:00 -itemType:File items:d:\Fin_Records -overwrite -recursive -quiet command. This will restore Fin_Records without affecting the other folders. The 2/28/2009-10:00 specifies the version identifier of the backup to recover. The -itemtype:File specifies type of items to recover. Reference : Wbadmin start recovery "Welcome to Certification's Main Event" - www.test-king.com 143
Te
st-
What should you do?
Ki
ng
.co
Microsoft 70-640: Practice Exam http://technet2.microsoft.com/windowsserver2008/en/library/52381316-a0fa-459f-b6a601e31fb216121033.mspx?mfr=true
QUESTION NO: 207 You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a server which has the Windows Server Virtualization role service installed. You need to merge a parent disk and a differencing disk to maximize the storage capacity. What should you do? A. The best option is to edit the differencing disk. B. The best option is to edit parent disk. C. The best option is to configure the Merge settings on differencing disk. D. The best option is to configure the Merge settings on Parent disk. Answer: A
Reference: http://technet2.microsoft.com/windowsserver/en/library/d9ef5bd9-6ca2-488b-a960f3f8ecd6ecc51033.mspx?mfr=true
Section 2, Perform offline maintenance (5 Questions)
QUESTION NO: 208 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a domain controller named TESTKING-DC01 that runs mission critical services in the network. You are busy with the Restructuring of organizational unit domain hierarchy and the deleting of unnecessary objects. However, you have received instructions from the CIO to do an Offline de-fragmentation of the active directory database without disrupting the mission critical services. "Welcome to Certification's Main Event" - www.test-king.com 144
Te
st-
Ki
Explanation: You need to merge a parent disk and a differencing disk by editing the differencing disk. Doing this will allow you to maximize the storage capacity. A differencing disk is a child and it can be merged with the parent disk.
ng
.co
Microsoft 70-640: Practice Exam What should you do? A. The best option is to start TESTKING-DC01 in the Directory Services restore mode and run the defrag utility. B. The best option is to start TESTKING-DC01 in the Directory Services restore mode and run the Ntdsutil utility C. The best option is to stop the Domain controller service in the Services MMC and run the Ntdsutil utility D. The best option is to stop the Domain controller service in the Services MMC and run the Defrag utility. Answer: C Explanation: You need to stop the Domain Controller service in the Microsoft Management Console (MMC) and then run the Ntdsutil tool. With this you can do offline defragmentation of the Active Directory database on TESTKING-DC01. Furthermore, the other mission critical services can continue running. You can use the restart feature of AD DS to stop AD DS so that you can perform the defragmentation of Active Directory objects. Reference : Superior Identity Management Features in Windows Server 2008 Enterprise and Windows Server 2008 Datacenter / Directory Services: Active Directory Domain Services http://download.microsoft.com/download/8/2/f/82fa3808-7168-46f1-a07bf1a7c9cb4e85/WS08%20Identity%20Management%20Features%20White%20Paper_FINAL.doc
QUESTION NO: 209
You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a domain controller named TESTKING-DC02 that runs the Active Directory services. You have received instructions from management to perform critical updates without restarting the domain controller. What should you do? A. The best option is to start the Active Directory Domain Services on TESTKING-DC02. B. The best option is to disconnect TESTKING-DC02 from the network and start the Windows update feature. C. The best option is to stop the Active Directory domain services and install the updates. Thereafter you should start the Active Directory domain services after installing the updates. "Welcome to Certification's Main Event" - www.test-king.com 145
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam D. The best option is to stop the Active Directory domain services and install updates. Thereafter you should disconnect from the network and then reconnect again. Answer: C Explanation: If you want to do offline critical updates without restarting the domain controller, you need to stop the Active Directory domain services and install the updates. Start the Active Directory domain services after installing the updates. If you stop the Active Directory domain services, you do not need to restart the domain controller.
QUESTION NO: 210 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a two-node Microsoft failover cluster named TK_Hgh that has the DHCP service installed on it. The nodes as named as follows: TK_ND1 and TK_ND2. The specs on TK_Hgh are as follows:A physical shared disk of 400 GB capacity.A 200GB single volume is configured on the shared disk. You are planning to host the Windows Internet Naming Service (WINS) on TK_ND1 and the DHCP and WINS services on TK_ND2. You then create the WINS service group on cluster existing on TK_ND1, by using the High Availability Wizard. However, the High Availability Wizard showed an error that there are no disks available. You need to configure storage volumes on TK_ND1 to add the WINS Service group to TK_ND1. What should you do?
A. The best option is to backup the data on the single volume on TK_ND1 and set up the disk with GUID partition table and create two volumes. Thereafter you should restore the backed up data on one of the volumes and use the other for WINS service group. B. The best option is to add a new physical shared disk to the TK_ND1 cluster and configure a new volume on it. You should then use the volume to fix the error in the wizard. C. The best option is to add new physical shared disks to TK_ND1 and TK_ND2. You should then set up the volumes on these disks and direct TK_ND1 to use TK_ND2 volume for the WINS service group. D. The best option is to add and configure a new volume on the existing shared disk which has 400GB of space. You should then use this volume to fix the error in the wizard. Answer: B "Welcome to Certification's Main Event" - www.test-king.com 146
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam Explanation: You need to add a new physical shared disk to the TK_ND1 cluster and configure a new volume on it. Doing this you can configure storage volumes on TKMFON1. you should also use the volume to fix the error in the wizard. Reference : No disks found http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2964971&SiteID=17
QUESTION NO: 211 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains two servers named TESTKING-SR11 and TESTKING-SR12. TESTKINGSR11 is used to collect all the events. You have also configured the required event subscriptions to collect events from TESTKING-SR12 which will be then transferred to TESTKING-SR11. However, none of the subscriptions works. You need to configure the event collection and event forwarding. What should you do? (Choose THREE. Each answer forms part of the solution.) A. The best option is to execute the winrm quickconfig command on TESTKING-SR12. B. The best option is to execute the wecutil qc command on TESTKING-SR12. C. The best option is to add the TESTKING-SR11 account to the Administrators group on TESTKING-SR12. D. The best option is to execute the winrm quickconfig command on TESTKING-SR11. E. The best option is to add the TESTKING-SR12 account to the Administrators group on TESTKING-SR11. F. The best option is to execute the wecutil qc command on TESTKING-SR11. Answer: A,C,F Explanation: The Normal subscriptions work only in Workgroup environment. So this subscription will not work. You need to add TESTKING-SR11 account to the Administrators group on TESTKING-SR12. This will allow you to configure the event collection and event forwarding on TESTKING-SR11 and TESTKING-SR12. You need use the winrm quickconfig command, because the server is part of the Active Directory (AD). To set up the source system to accept WS-Management requests from other systems you need to type y followed with Enter to make the modifications. You need to repeat the WinRM command to control bandwidth usage or latency of the event forwarding process. You should also use the wecutil qc command and use the y followed with Enter to make "Welcome to Certification's Main Event" - www.test-king.com 147
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam the changes. This will configure the Windows Event Collector service to delayed autostart and start the service. Reference : Collect Vista Events http://www.prismmicrosys.com/newsletters_june2007.php
QUESTION NO: 212 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com has its headquarters in Chicago and a branch office in Dallas. The Dallas branch office contains three server named TESTKING-SR11, TESTKING-SR12 and TESTKING-SR13 that is running a Server Core installation of Windows Server 2008. You have received instructions from the CIO to configure the Event Logs subscription on TESTKING-SR11 to monitor TESTKING-SR12 and TESTKING-SR13. What should you do? (Choose TWO. Each answers forms part of the solution) A. The best option is to run the wecutil cs subscription.xml command on TESTKING-SR11. B. The best option is to create an event collector subscription configuration file called subscription.xml on TESTKING-SR11. C. The best option is to create a custom view and export the custom view to subscription.xml file, by using the Event Viewer on TESTKING-SR11. D. The best option is to run the wevtutil im subscription.xml command on TESTKING-SR11. Answer: A,B
Explanation: You need to create an event collector subscription configuration file and name the file subscription.xml. this will allow you to configure a subscription on TESTKING-SR11. You need to then run the wecutil cs subscription.xml command on TESTKING-SR11. The wecutil cs subscription.xml command will allow you to create and manage subscriptions to events that are forwarded from remote computers, which support WS-Management protocol. Furthermore the wecutil cs subscription.xml command will create a subscription to forward events from a Windows Vista Application event log of a remote computer at TestKing.com to the ForwardedEvents log Reference : Wecutil http://technet2.microsoft.com/windowsserver2008/en/library/0c82a6cb-d652-429c-9c3d0f568c78d54b1033.mspx?mfr=true
Te
st-
Ki
ng
.co
148
Microsoft 70-640: Practice Exam Section 3, Configure custom application directory partitions (12 Questions)
QUESTION NO: 213 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com is in need of a distributed application that employs a custom application. You need to use a tool so that the application replicate data. What should you do? (Choose TWO. Each answer forms part of the solution.) A. The best option is to use the Dnscmd tool. B. The best option is to use the Ipconfig tool. C. The best option is to use the Ntdsutil tool. D. The best option is to use the Dnsutil tool. Answer: A,C
QUESTION NO: 214
You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com has its headquarters in Chicago and a branch office in Miami. TestKing.com consists of a Marketing department. The Testking.com users need space to store data for an application named TK_Market. To accommodate it, you create an application directory partition. You have received instructions from management to add a replica of TK_Market application directory partition to the domain controller in Miami. What should you do? A. The best option is to use Dnscmd.exe.
Te
st-
Explanation: You need to use the Dnscmd and Ntdsutil tools to implement the application for data replication. The dnscmd command displays and changes the properties of DNS servers, zones and resource records. Ntdsutil tool is a command-line utility that offers management facilities for Active Directory.
Ki
ng
.co
149
Microsoft 70-640: Practice Exam B. The best option is to use Repadmin.exe. C. The best option is to use Ntdsutil.exe. D. The best option is to use Dcpromo.exe. Answer: C Explanation: You need to use the Ntdsutil.exe tool to add replica for the TK_Market application directory partition to the domain controller at Miami . The Ntdsutil tool is a command-line utility that offers management facilities for Active Directory.
QUESTION NO: 215 You are the newly appointed network administrator at TestKing.com. The TestKing.com network consists of an Active Directory forest with five named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. TestKing.com has 4 sites. You notice that the company requires a new distributed application that uses a custom application directory partition named ResData for data replication. The application is installed on one member server in the four sites. You need to configure the four member servers to receive the ResData application directory partition for data replication. What should you do?
Answer: A Explanation: To configure the four member servers to receive the ResData application directory partition for data replication, you need to run the Dcpromo utility on the five member servers. ApplicationPartitionsToReplicate:"" parameter with partition names can be used with Dcpromo to specify the application directory partitions that dcpromo will replicate. Reference : "Dcpromo" http://technet2.microsoft.com/windowsserver2008/en/library/d660e761-9ee7-4382-822a06fc2365a1d21033.mspx?mfr=true
Te
A. Run the Dcpromo utility on the five member servers B. Run the Regsvr32 command on the five member servers C. Run the Webadmin command on the five member servers D. Run the RacAgent utility on the five member servers
st-
Ki
ng
.co
150
Microsoft 70-640: Practice Exam QUESTION NO: 216 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. Testking.com is in need of a new distributed application that uses a custom application directory partition named TK_Data. You have received instructions from the CIO to employ the TK_Data for data replication. What should you do? A. The best option is to run the Ntdsutil utility. B. The best option is to run the Wbadmin utility. C. The best option is to run the RacAgent utility. D. The best option is to run the Regsvr32 utility. Answer: A,B
QUESTION NO: 217
TestKing.com contains a server named TESTKING-SR13 that has the file services role installed. You have installed disks as seen in the following exhibit:
You need to new drive volume to support data stripping with parity.
Te
st-
Ki
You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008.
ng
.co
151
Microsoft 70-640: Practice Exam What should you do? A. The best option is to build a new spanned volume by combining Disk0 and Disk1 B. The best option is to create a new Raid-5 volume by adding another disk C. The best option is to create a new virtual volume by combining Disk 1 and Disk 2 D. The best option is to build a new striped volume by combining Disk0 and Disk 2 Answer: B Explanation: To support data stripping with parity, you should create a new Raid-5 volume by adding another disk. By adding another volume, the total number of disk will be four. This way you can easily create data strip and the parity strips.
QUESTION NO: 218 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a domain controller, where the Active Directory database is installed on drive D. you have received instructions from the CIO to move the Active Directory database to a new volume. What should you do?
Answer: A Explanation: The way you move the Active Directory database to a new volume, is to move the ntds.dit file to the new volume by opening the Files option in the ntdsutil utility. Use Ntdsutil.exe to move the database file, the log files, or both to a larger existing partition. Reference: http://technet2.microsoft.com/windowsserver/en/library/af6646aa-2360-46e4-81cad51707bf01eb1033.mspx?mfr=true
Te
A. The best option is to use the Files option in the Ntdsutil utility and move the ntds.dit file to the new volume. B. The best option is to move the ntds.dit file to the new volume, by using Copy Paste function in the Windows Power Shell. C. The best option is to move ntds.dit file to the new volume, by using the XCOPY command. D. The best option is to move ntds.dit file to the new volume, by using the Windows Explorer.
st-
Ki
ng
.co
152
Microsoft 70-640: Practice Exam QUESTION NO: 219 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. You have received instructions from the CIO to convert the file system from FAT32 to NTFS. What should you do? (Choose TWO. Each answer forms part of the solution) A. The best option is to run the CONVERT /FS:NTFS from the command prompt. B. The best option is to rerun the Windows Server 2008 Setup and choose to convert the partition to NTFS in the course of the reinstallation. C. The best option is to reboot Windows Server 2008 Setup from the installation CD-ROM and select Rebuild File System. D. The best option is to reboot the system. Answer: A,D Explanation: You need to run the CONVERT command-line utility and then restart the server to convert the system partition to NTFS. The filesystem will be converted in the course of the next boot.
QUESTION NO: 220
TestKing.com contains a server named TESTKING-SR15 that has the file server role installed. TESTKING-SR15 is used by the network users to store data. You have configured quotas on TESTKING-SR15 to manage the space on the server. However, you need to view each user's quota usage on a per folder basis. What should you do? A. The best option is to execute the dirquota.exe quota list on the command prompt. B. The best option is to use the File Server Resource Manager and create a File Screen using. C. The best option is to use the properties of each volume to review the Quota Entries list. D. The best option is to use the File Server Resource Manager and create a Storage Management report. Answer: D Explanation: "Welcome to Certification's Main Event" - www.test-king.com 153
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam You need to create a Storage Management report from File Server Resource Manager, to view each users quota usage on a per folder basis. The File Server Resource Manager has the following characteristics: Create quotas to limit the space allowed for a volume or folder Generate notifications when the quota limits are approached or exceeded. Allows to generate storage reports instantly, on demand Reference : Using the File Server Resource Manager Component / Managing Storage Resources on a Remote Computer http://technet2.microsoft.com/windowsserver/en/library/3510fd7c-cbfc-4f67-b4fcd7de7c13373b1033.mspx?mfr=true Reference : Introduction to File Server Resource Manager http://technet2.microsoft.com/windowsserver/en/library/3510fd7c-cbfc-4f67-b4fcd7de7c13373b1033.mspx?mfr=true
QUESTION NO: 221
What should you do?
A. The best option is to change the quota template. B. The best option is to create a file screen template and apply it to the root of the volume that contains the folders. C. The best option is to remove and create the quota template again. D. The best option is to create a new quota template, apply it to all the folders, and then change the quota for each folder. Answer: A Explanation: To comply with the scenario, you need to change the quota template with the new settings that you want for all the 150 folders. If you base your quotas on a template, you can automatically update all quotas that are based on a specific template by editing that template "Welcome to Certification's Main Event" - www.test-king.com 154
Te
st-
TestKing.com contains a server named TESTKING-SR10 that has the file server role installed. TESTKING-SR15 is used by the 150 network users to store data. You have configured quotas on TESTKING-SR15 to manage the space on the server. You have also used a new quota template to apply quotas to 150 folders. You need to change the quota settings for all 150 folders by using the least amount of administrative effort.
Ki
ng
.co
Microsoft 70-640: Practice Exam Reference: " About Quota Templates" http://technet2.microsoft.com/windowsserver2008/en/library/31790148-eaf1-4115-8a504ce7a4503d211033.mspx?mfr=true
QUESTION NO: 222 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a server named TESTKING-SR11 that has the file server role installed. TESTKING-SR11 is used by the network users to store data on the shared folder. You do not want to deny the users to store their data, even if they exceeds they limit of data storage of 450 MB. However, you want notification when a user exceeds the data limit of 450 MB.
Answer: D
Reference : Working with Quotas http://technet2.microsoft.com/windowsserver2008/en/library/fa248320-c5a5-4c40-82371bc22eb8253d1033.mspx?mfr=true
QUESTION NO: 223 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com contains a server named TESTKING-SR13 that has the file services role installed. You have received instructions from the management to provide redundancy for the data disk "Welcome to Certification's Main Event" - www.test-king.com 155
Te
Explanation: You should use a soft quota. A soft quota does not enforce the quota limit but generates all configured notifications. On the other hand, a hard quota cannot be used because it prevents users from saving files after the space limit is reached.
st-
Ki
ng
A. The best option is to create a Passive Screening File Screen. B. The best option is to create an Active Screening File Screen. C. The best option is to create a hard quota. D. The best option is to create a soft quota.
.co
What should you do?
Microsoft 70-640: Practice Exam drives, which are configured as seen the following exhibit:
You need to configure the hard disk drives to support RAID 1. What should you do? (Choose TWO. Each answer is a complete solution) A. The best option is to create a group volume by using Disk1 and Disk 0. B. The best option is to create Disk1 and Disk 2 as dynamic drives. C. The best option is to create and configure a striped volume across Disk1 and Disk2. D. The best option is to create a new mirrored volume, by using Disk 1 and Disk 2. Answer: B,D
Explanation: You need to create Disk1 and Disk 2 as dynamic drives, or you need to create a new mirrored volume, by using Disk 1 and Disk 2. By this set up you will support Raid1 In data storage, disk mirroring or RAID1 is the replication of logical disk volumes onto separate physical hard disks in real time to ensure continuous availability. A mirrored volume is a complete logical representation of separate volume copies. Reference: technet2.microsoft.com/windowsserver/en/library/28af1c0d-8490-4ab0-8be049e5923c4bae1033.mspx
QUESTION NO: 224 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named TestKing.com. All servers on the TestKing.com network run Windows Server 2008. TestKing.com consists of a headquarters and numerous branch offices around the region. Each "Welcome to Certification's Main Event" - www.test-king.com 156
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam office contains a domain controller. During routine monitoring you discover that the domain controller at your branch is experiencing problems replicating. You need to determine the last time domain controller attempted to execute an inbound replication on the Active Directory partitions. What should you do? A. The best option is to run the repadmin /showrepl command on the domain controller. B. The best option is to run the repadmin /rodcpwdrepl command on the domain controller. C. The best option is to run the repadmin / command on the domain controller. D. The best option is to run the ntdutil command on the domain controller. Answer: A Explanation: You should run the repadmin /showrepl command on the domain controller. This command will show you the replication status when a particular domain controller last tried to execute inbound replication on the Active Directory partitions. Incorrect Answers: B: The /rodcpwdrepl switch will trigger the replication of passwords for particular users from a source domain controller to one or more RODC. C: The /replicate switch will trigger immediate replication. It will not provide you with the information when a particular domain controller last tried to execute inbound replication on the Active Directory partitions. D: The ntdsutil utility will not provide you with information about directory replication.Reference: Syngress - The Real MCTS-MCITP 70-649 Prep Kit - Independent and Complete Self-Paced Solutions
QUESTION NO: 225
TestKing.com has employed you as a network administrator. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. TestKing.com contains a Windows Server 2008 Enterprise Root CA. A new TestKing.com security policy prohibits port 443 and port 80 from being opened on the domain controllers as well as the giving any certificate authorizations. During the course of the week you receive an instruction from the CIO to ensure that all TestKing.com users are able to have their certificates requested from the official Web interface. To accomplish this task you thus decide to install the AD CS role. What should you do?
Te
st-
Ki
ng
.co
157
Microsoft 70-640: Practice Exam A. Your subsequent step should be to configure the Online Responder Role Service on a member server. B. Your subsequent step should be to configure the Online Responder Role Service on a domain controller. C. Your subsequent step should be to ensure that the Certification Authority Web Enrollment Role Service is configured on a domain controller after the installation of the AD CS role. D. Your subsequent step should be to ensure that the Certification Authority Web Enrollment Role Service is configured on a member server after the installation of the AD CS role. Answer: D
QUESTION NO: 226 TestKing.com has hired you as a systems administrator for their network. The TestKing.com network consists of a single Active Directory forest named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. You are responsible for managing a stand-alone server named TESTKING-SA05. You are in the process of installing the Enterprise certification authority (CA) on TESTKING-SA05. You encounter that the Enterprise CA option is not available when you attempt to add the Active Directory Certificate Services (AD CS) role. To ensure productivity within the company you need to ensure that the AD CS role is installed as an Enterprise CA. What should you do?
A. Your best option would be to add the DNS Server role. B. Your best option would be to join TESTKING-SA05 to the domain. C. Your best option would be to add the Web server (IIS) role as well as AD LDS role. D. Your best option would be to add the Active Directory Certificate Services (AD CS) role. Answer: B
QUESTION NO: 227 You are the newly appointed enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. You are assigned a Windows Server 2008 server named TESTKING-SR05. You are in the process of planning the installation of the Active Directory Certificate Service (AD CS) role on TESTKING-SR05. The TestKing.com network contains a group named Data Operators. You "Welcome to Certification's Main Event" - www.test-king.com 158
Te
st-
Ki
ng
.co
Microsoft 70-640: Practice Exam receive an instruction from The CIO to ensure that users in Data Operators are given the appropriate permissions to issue smartcard credentials. These users should not be given the permission to revoke certificates. What should you do? (Choose all that apply.) A. Your best choice would be to have the enrollment agents for the Smartcard logon certificate limited to Data Operators. B. Your best choice would be to have an Enrollment Agent certificate created. C. Your best choice would be to have the certificate managers for the Smartcard logon certificate limited to Data Operators. D. Your best choice would be to have the AD CS role installed. Thereafter the AD CS role can be configured as an Enterprise Root CA. E. Your best choice would be to have the AD CS role installed. Thereafter the AD CS role can be configured as a Standalone CA. F. Your best choice would be to have a Smartcard logon certificate created. Answer: A,D,F Explanation: Section 2, Configure CA server settings (9 Question)
You are responsible for managing two servers named TESTKING-SR01 and TESTKING-SR02. TESTKING-SR01 has the enterprise root certification authority (CA) installed and TESTKINGSR02 the Online Responder role service. You receive an instruction from the CIO to ensure that the Online Responder is supported by TESTKING-SR01. What should you do? A. This can be accomplished by configuring Dual Certificate List extension on TESTKING-SR01 and TESTKING-SR02. B. This can be accomplished by configuring the CertPublishers group on TESTKING-SR01 and TESTKING-SR02. C. This can be accomplished by creating a conventional Group Policy Object (GPO) and importing the enterprise root CA certificate. Thereafter the GPO should be linked to TESTKING-SR01. "Welcome to Certification's Main Event" - www.test-king.com 159
Te
st-
Ki
QUESTION NO: 228
ng
.co
Microsoft 70-640: Practice Exam D. This can be accomplished by configuring the Authority Information Access (AIA) extension on TESTKING-SR01. Answer: D Explanation: In order to configure the online responder role service on TESTKING-SR01 you need to configure the AIA extension. The authority information access extension will indicate how to access CA information and services for the issuer of the certificate in which the extension appears. Information and services may include on-line validation services and CA policy data. This extension may be included in subject or CA certificates, and it MUST be non-critical
QUESTION NO: 229 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You are responsible for managing a server named TESTKING-SR01. TESTKING-SR01 contains a certificate service that is configured as a stand-alone Certification Authority (CA). A new TestKing.com policy requires audit modifications has to be configured on the CA configuration setting as well as the CA security settings.
A. You should consider opening the Certification services snap-in in order to configure auditing. B. You should consider having auditing configured to write in the %SYSTEM32%\CertSrv directory. C. You should consider having the Audit object Access setting configured and enabled for TESTKING-SR01. D. You should consider configuring TESTKING-SR01 to log successful as well as failed attempts to permissions on files in %SYSTEM32%\CertSrv directory. Answer: B,C
QUESTION NO: 230 TestKing.com has hired you as a systems administrator for their network. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. You need to identify the role that will provide you with the ability to have users "Welcome to Certification's Main Event" - www.test-king.com 160
Te
st-
What should you do? (Choose all that apply.)
Ki
ng
.co
Microsoft 70-640: Practice Exam registered into the certificate services program as well as permitting the issuing and management of certificate requests. What should you identify? A. You should identify the Certificate Admins role. B. You should identify the Enrollment Admins role. C. You should identify the Enrollment agents' role. D. You should identify the Certificate agents role. Answer: C Explanation: Enrollment agents are administrators who have the capability to register users into the certificate services program. The enrollment agents have the authority to issue as well as manage certificate requests.
QUESTION NO: 231
What should you do?
A. You should consider implementing a Web CA. B. You should consider implementing a Subordinate CA. C. You should consider implementing a Stand Alone CA. D. You should consider implementing an Enterprise CA. Answer: D Explanation: The Enterprise Root CAs along with the Stand Alone Root CAs is the two CA types. Enterprise Root CAs (automatically integrated with Active Directory) is the uppermost trusted CAs of the hierarchy. They possess the certificates which are issued to the users within your organization. The Stand Alone Root CAs possesses the CAs which you issue to Internet users.
Te
st-
TestKing.com has employed you as a network administrator. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista. You receive an instruction from the CIO to have certificates implemented for all internal users. To accomplish this you need to determine the appropriate root certificate authority that will accomplish this.
Ki
ng
.co
161
Microsoft 70-640: Practice Exam QUESTION NO: 232 You are the newly appointed network administrator at TestKing.com. You receive an instruction from the CIO to have certificate authority servers implemented on the network. At present the company has routers located on the network. You need to determine the components that will allow the system to acquire certificates even if there is no Account Directory account. What should you do? A. The Router Enrollment Service will allow you to acquire a certificate. B. The Network Hardware Enrollment Service will allow you to acquire a certificate. C. The Network Device Enrollment Service will allow you to acquire a certificate. D. The Hardware Device Enrollment Service will allow you to acquire a certificate. Answer: C Explanation: The Network Device Enrollment Service permits network devices (such as routers) to receive certificates even though they lack an account in the Active Directory domain.
What should you do? A. You should assign Kara Lang the Key recovery agent role. B. You should assign Kara Lang the Certificate key admin role. C. You should assign Kara Lang the Certificate admin agent role. D. You should assign Kara Lang the Certificate recovery agent role. Answer: A Explanation: The key recovery agent is a role or a set of rights which can be offered to an individual so that they possess the permission to have a lost or damaged key recovered.
Te
A TestKing.com employee named Kara Lang is employed as a junior administrator in your department. To ensure that she is able to accomplish her daily tasks you need to ensure that she is able to recover keys from the certificate authority server.
st-
Ki
ng
QUESTION NO: 233
.co
162
Microsoft 70-640: Practice Exam QUESTION NO: 234 You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. A TestKing.com employee named Rory Allen works in the Research and Development department. You receive an instruction from the CIO to grant him the necessary authority to alter user account information for employees in the Research OU. You need to determine the utility that will allow Rory Allen to accomplish this without any difficulty. What should you do? A. You should identify Computer Management. B. You should identify the Delegation of Control Wizard. C. You should identify a Domain Security Policy. D. You should identify a Domain Controller Security Policy. Answer: B
At present the TestKing.com network has established a domain-based password policy. Management is not satisfied with the clause to maintain a single policy for every user. Management is contemplating an upgrade to Windows Server 2008 in the near future. You need to determine the feature that will solve the problem of only one policy for all domain users. What should you identify? A. You should consider starting the Audit Logon Events option. B. You should consider using a Microsoft Windows Server 2008 multi-password policy. C. You should consider using a Fine-grained password policy. D. You should consider using a Certificate server policy.
Te
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2003.
st-
QUESTION NO: 235
Ki
ng
Explanation: The Delegation of Control Wizard is intended to aid systems administrators in appointing specific permissions to other users.
.co
163
Microsoft 70-640: Practice Exam Answer: B Explanation: Fine-grained password policies allow an organization to contain different password and account lockout policies for diverse sets of users in the very same domain.
QUESTION NO: 236 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. You are responsible for managing the Windows Server 2008 environment. You are in the process of deploying a certificate authority server into the network. After deployment you create a global security group named KingUsers. To ensure productivity throughout the organization you receive an instruction from the CIO to allow all users belonging to KingUsers the necessary permissions to issue, revoke as well as approve certificates to accomplish their daily tasks. What should you do?
Answer: C
QUESTION NO: 237 You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. At present the TestKing.com network makes use of an Enterprise Root certification authority (CA). A TestKing.com user named Kara Lang is assigned to your department to assist with the workload. You receive an instruction from the CIO to grant Kara Lang the necessary permission that will only allow her to sign code. What should you do? (Choose all that apply.) "Welcome to Certification's Main Event" - www.test-king.com 164
Te
Explanation: Section 3, Manage certificate templates (GPOs) (1 Questions)
st-
Ki
A. This can be accomplished by running the certsrv -add KingUsers command prompt. B. This can be accomplished by running the add -member-membertype memberset KingUsers. C. This can be accomplished by having the Certificate Manager role assigned to KingUsers. D. This can be accomplished by moving KingUsers to the Certificate Publisher group.
ng
.co
Microsoft 70-640: Practice Exam A. Your best option would be to have the local computer policy of the Enterprise Root CA modified to only permit Kara Lang to manage Trusted Publishers. B. Your best option would be to have the security settings on the template modified to only permit Kara Lang the necessary permissions to request code signing certificates. C. Your best option would be to have a code signing template configured in the network. D. Your best option would be to have the code signing template distributed to Kara Lang in order to add it to the trust peer certificates. Answer: B,C Explanation: Section 4, Manage enrollments (2 Questions)
QUESTION NO: 238
A. The Event Monitor will assist you in locating errors on the network. B. The Network Monitor will assist you in locating errors on the network. C. The Performance Monitor will assist you in locating errors on the network. D. The Task Monitor will assist you in locating errors on the network. Answer: B Explanation: You make use of Network Monitor to locate network problems at the packet level. You need to make sure that you are accustomed to the tools for both the exam as well as in production environments where it can be used.
QUESTION NO: 239 TestKing.com has hired you as a systems administrator for their network. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the "Welcome to Certification's Main Event" - www.test-king.com 165
Te
st-
What should you do?
Ki
You receive an instruction from the CIO to ensure that a method is in place that will assist you in the event of an error with your connection to the deployed network. The TestKin.com network contains three Windows Server 2008 servers that are configured as domain controllers. You need to determine the tools that are included with the servers that will assist you in locating errors on the network.
ng
.co
TestKing.com has employed you as a network administrator. The TestKing.com network consists of a single Active Directory domain named testking.com.
Microsoft 70-640: Practice Exam TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional. You receive an instruction from the CIO to perform security related alterations to several organizational units within the testking.com domain. To accomplish this you decide to make use of the basic functionality that is provided in the Delegation of Control Wizard. You need to determine the functions that are represented as a common task in the Delegation of Control Wizard. What should you identify? (Choose all that apply.) A. You should identify the reset passwords on the user accounts. B. You should identify the modification of membership of a group. C. You should identify the management of Group Policy links. D. You should identify the creation, deletion and management of groups. Answer: A,B,C,D Explanation: Every option listed is common tasks presented in the Delegation of Control Wizard.
Section 5, Manage certificate revocations (2 Question)
At present the TestKing.com network makes use of a Windows Server 2008 Enterprise certificate authority (CA) to issue certificates. During the course of the day you receive an instruction from the CIO to implement key archival. What should you do? A. Your best option in this scenario would be to revoke the Enterprise subordinate CA. Thereafter a user certificate should be issued to users of the encrypted files. B. Your best option in this scenario would be to have automatic enrollment configured for computers that is configured to host all encrypted files. C. Your best option in this scenario would be to have the private key archived on the server. D. Your best option in this scenario would be to have the Hisecdc security template configured. "Welcome to Certification's Main Event" - www.test-king.com 166
Te
You are the newly appointed network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista.
st-
QUESTION NO: 240
Ki
ng
.co
Microsoft 70-640: Practice Exam Answer: C
QUESTION NO: 241 You are an enterprise administrator for TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The TestKing.com network contains two Windows Server 2008 workstations named TESTKINGSR01 and TESTKING-SR02. You are in the process of configuring TESTKING-SR01 as an Enterprise Root certification authority. You decide to have the Online Responder role service installed on TESTKING-SR02. During the course of the day you receive an instruction from the CIO to ensure that TESTKING-SR02 is able to issue a certificate revocation list for the enterprise root CA. What should you do? (Choose all that apply.)
QUESTION NO: 242
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. Testking.com plans to add multiple domains in the future. You want to ensure that all new domains are configured as Windows Server 2008 domain functional level by default when the domain is created. To this end, you decide to raise the forest functional level of the testking.com forest to Windows Server 2008. What should you do?
Te
st-
Answer: A,D
Ki
A. This can be accomplished by having the OCSP Response Signing certificate imported. B. This can be accomplished by having the Startup Type of the Certificate Propagation service set to Automatic. C. This can be accomplished by having the computer account of TESTKING-SR01 added to the TKCertificates group. D. This can be accomplished by having the enterprise root CA certificate imported.
ng
.co
167
Microsoft 70-640: Practice Exam Step #1. Click Start > Administrative Tools > Active Directory Domains and Trusts.
Step #2. Right click on the forest icon and select Raise forests functional level...
Step #3. Select Windows Server 2008 from the drop-down box and click Raise.
Te
st-
Ki
ng
.co
168
Step #6. Close Active Directory Sites and Services.
Te
Step #5. Click OK.
st-
Ki
ng
.co
Step #4. Click OK on the warning message dialog box.
169
The network currently contains just one site. There are plans to create additional sites and additional site links between the sites. As part of the preparation for the network expansion, you have been asked to configure the cost of the DEFAULTIPSITELINK to be 150. What should you do?
Step #1. Click Start > Administrative Tools > Active Directory Sites and Services.
Te
st-
Ki
ng
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition.
.co
QUESTION NO: 243
170
Step #2. Expand Sites then expand Inter-Site Transports.
Step #3. Click on the IP container in the left pane.
Te
st-
Ki
ng
.co
171
Step #4. Right click on DEFAULTIPSITELINK and select Properties.
Te
st-
Ki
ng
.co
172
Microsoft 70-640: Practice Exam Step #5. Change the cost to 150 and click OK.
Te
st-
Ki
ng
.co
173
QUESTION NO: 244
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. The testking.com network consists of several sites.
What should you do?
Te
st-
You want to configure the Active Directory replication over all the IP and SMTP site links so that replication will occur regardless of the replication schedule configured on the site links.
Ki
ng
.co
174
Step #2. Expand Sites.
Step #3. Click on Inter-Site Transports.
Te
st-
Ki
ng
.co
175
Step #4. Right click on the IP container in the right hand pane and select Properties.
Te
st-
Ki
ng
.co
176
Microsoft 70-640: Practice Exam Step #5. Tick the Ignore Schedules checkbox and click Apply and OK.
Step #6. In Active Directory Sites and Services, right click on the SMTP container in the right hand pane and select Properties.
Te
st-
Ki
ng
.co
177
Te
Step #7. Tick the Ignore Schedules checkbox and click Apply and OK.
st-
Ki
ng
.co
178
Te
st-
Ki
ng
.co
179
QUESTION NO: 245 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. The network contains a domain controller named DC1. DC1 is configured as a global catalog server. You install a second domain controller named DC2. You want to configure DC2 to also be a global catalog server. What should you do?
Step #2. Expand Sites.
Te
st-
Ki
ng
.co
180
Step #3. Expand Default-First-Site-Name.
Step #4. Expand Servers.
Te
st-
Ki
ng
.co
181
Step #5. Expand DC2.
Step #6. Right click on NTDS settings and select Properties.
Te
st-
Ki
ng
.co
182
Te
Step #7. Tick the Global Catalog checkbox and click Apply and OK.
st-
Ki
ng
.co
183
Te
st-
Ki
ng
.co
184
QUESTION NO: 246 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. The network currently consists of a single site at the main office. Testking.com plans to open a branch office. You want to deploy Read Only Domain Controllers (RODCs) at the branch office. To this end, you need to raise the domain functional level to Windows Server 2008. What should you do? Step #1. Click Start > Administrative Tools > Active Directory Domains and Trusts.
Step #2. Right click on the testking.com domain icon and select Raise Domain Functional Level.
Te
st-
Ki
ng
.co
185
Step #4. Click OK at the warning message.
Te
st-
Ki
ng
.co
Step #3. Select Windows Server 2008 from the drop-down list and click Raise.
186
Microsoft 70-640: Practice Exam Step #5. Click OK.
Step #6. Close Active Directory Domains and Trusts.
QUESTION NO: 247 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. The forest functional level is Windows Server 2008. You plan to deploy a Read Only Domain Controller (RODC). You want to create a computer account for the RODC. The new computer will be named RODC1. RODC1 will also function as a DNS server and Global Catalog server for the domain.
Te
st-
Ki
ng
.co
187
Microsoft 70-640: Practice Exam You are currently logged into a domain controller named DC1. What should you do? Step #1. Click Start > Administrative Tools > Active Directory Users and Computers.
Te
st-
Step #2. Right click on the Domain Controllers container and select Pre-create Read Only Domain Controller account.
Ki
ng
.co
188
Microsoft 70-640: Practice Exam Step #3. Click Next.
Te
st-
Step #4. Click Next.
Ki
ng
.co
189
Te
st-
Ki
ng
.co
190
Te
st-
Ki
Step #6. Enter the name RODC1 and click Next.
ng
.co
191
Te
st-
Ki
ng
.co
192
Te
st-
Ki
ng
.co
193
Te
st-
Ki
Step #9. Leave the accounts field blank and click Next.
ng
.co
194
Te
st-
Ki
ng
.co
195
Te
st-
Ki
Step #11. Click Finish.
ng
.co
196
Te
st-
Ki
Step #12. Close Active Directory Users and Computers.
ng
.co
197
Microsoft 70-640: Practice Exam QUESTION NO: 248 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. Due to company expansion, testking.com has hired a support technician named Andy Reid to work in the Sales department. Part of Andy's job will be to manage user accounts for the Sales users. You have created an Organization Unit (OU) named Sales in the Active Directory. You want to enter a description for the Sales OU. The description should say, "Sales user accounts". What should you do? Step #1. Click Start > Administrative Tools > Active Directory Users and Computers.
Step #2. Expand the testking.com domain.
Te
st-
Ki
ng
.co
198
Te
st-
Ki
ng
.co
Step #3. Right click on the Sales OU and select Properties.
199
Microsoft 70-640: Practice Exam Step #4. Enter the description and click Apply and OK.
Te
st-
Ki
ng
.co
200
QUESTION NO: 249
What should you do?
Step #1. Click Start > Administrative Tools > Active Directory Users and Computers.
Te
You want to add a description for the testking.com domain. The description should say, "The testking.com Active Directory".
st-
When you view the Active Directory, you notice that there is no description for the testking.com domain.
Ki
ng
.co
201
Te
st-
Ki
ng
.co
Step #2. Right click on the testking.com domain and select Properties.
202
Microsoft 70-640: Practice Exam Step #3. Enter the description then click Apply and OK.
Te
st-
Ki
ng
.co
203
A support technician named Andy Reid has created a Global Security group named Transport. The Transport group is in the Users container in Active Directory. You want to change the scope of the Transport group to be Domain Local Distribution group. What should you do?
Te
st-
Ki
ng
.co
QUESTION NO: 250
204
Step #3. Right click on the Transport group and select Properties.
Te
st-
Ki
ng
.co
Step #2. Click on the Users container in the left-hand pane.
205
Te
Step #4. Change the group type to Universal then click Apply.
st-
Ki
ng
.co
206
Te
Step #5. Change the group to Domain Local and Distribution then click Apply and OK.
st-
Ki
ng
.co
207
Te
Step #6. Click Yes at the warning prompt.
st-
Ki
ng
.co
208
QUESTION NO: 251
You want to configure DC1 so that it sends you an email every time an event with the event ID of 7036 is recorded. The email should come from the email address alerts@testking.com The email should be sent to administrator@testking.com The email title should say, "Event ID 7036 on DC1". The email body should be blank. The email should use the SMTP server address smtp.testking.com. What should you do? Step #1. Click Start > Administrative Tools > Event Viewer.
Te
st-
As part of your regular maintenance schedule, you view the event logs on a domain controller named DC1. You discover that there are a number of events with an event ID of 7036 in the System Log.
Ki
ng
.co
209
Step #2. Expand Windows Logs and click on the System Log.
Step #3. Right click on an event with the ID 7036 and select Attach Task to this Event.
Te
st-
Ki
ng
.co
210
Te
st-
Ki
ng
.co
211
Step #7. Fill in the relevant information and click Next.
Step #8. "Welcome to Certification's Main Event" - www.test-king.com 212
Te
st-
Ki
ng
.co
Step #6. Select Send an e-mail and click Next.
Microsoft 70-640: Practice Exam Click Finish.
Step #9. Click OK.
Step #10. Close Event Viewer.
The network contains a Read Only Domain Controller (RODC) named RODC1. You have reason to believe the security of RODC1 has been breached. Due to the security breach, you want to take the following actions. Delete the RODC1 computer account from Active Directory. Reset the passwords for user accounts that were cached on RODC1. Reset the passwords for computer accounts that were cached on RODC1. Export a list of accounts that were cached on RODC1 to a file named C:\accounts.txt. You are logged in to a domain controller named DC1. What should you do?
Te
st-
Ki
ng
.co
QUESTION NO: 252
213
Step #2. Click on the Domain Controllers container.
Step #3. Right click on RODC1 and select Delete.
Step #6. Click OK.
Step #7. Click Yes at the warning prompt.
Te
st-
Step #5. Tick all checkboxes and enter C:\accounts.txt then click Delete.
Ki
ng
.co
Step #4. Click Yes.
214
QUESTION NO: 253 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. Testking.com users use a custom application that makes use of the PostalCode attribute of user accounts stored in Active Directory. To improve the performance of the custom application, you want to configure Active Directory to replicate the PostalCode attribute as part of the Global Catalog. You're user account is a member of the Schema Admins group. You are currently logged in to a domain controller named DC1. The Schema Management Console has been installed. What should you do?
Step #2. Expand Active Directory Schema.
Step #3. Click on Attributes and scroll down to find the PostalCode attribute.
Te
st-
Step #1. Click Start > Administrative Tools > Active Directory Schema.
Ki
ng
.co
215
Step #4. Right click on the PostalCode attribute and select Properties.
Step #5. Tick the checkbox to "Replicate this attribute to the Global Catalog" then click Apply and OK.
A domain controller named DC1 is also configured as a DNS server. You have been experiencing problems whereby some computers are failing to register their hostnames and IP addresses using Dynamic DNS (DDNS). To troubleshoot the problem, you want to enable DNS logging. You are currently logged into DC1. What should you do?
Step #1. "Welcome to Certification's Main Event" - www.test-king.com 216
Te
st-
QUESTION NO: 254
Ki
ng
Step #6. Close Active Directory Schema.
.co
Microsoft 70-640: Practice Exam Click Start > Administrative Tools > DNS.
Step #5. Close the DNS console.
QUESTION NO: 255 You work as the network administrator at TestKing.com. The TestKing.com network consists of an Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. A domain controller named DC1 also runs the DNS service. "Welcome to Certification's Main Event" - www.test-king.com 217
Te
st-
Step #4. Tick the checkbox to "Log packets for debugging" then click Apply and OK.
Ki
ng
.co
Step #3. Right click on DC1 and select Properties. Select the Debug Logging tab.
Microsoft 70-640: Practice Exam You have configured a new domain in the testking.com forest named testkingapps.com. IP routing between testking.com and testkingapps.com has been configured. Users in the testking.com domain frequently access resources in the testkingapps.com domain. To improve DNS name resolution performance, you want to create a conditional forwarder so that DNS requests for testkingapps.com are forwarded directly to a DNS server in the testkingapps.com domain. The conditional forwarder should replicate to all DNS servers in the domain. The testkingapps.com DNS server has an IP address of 192.168.1.200. You are currently logged on to DC1. What should you do? Step #1. Click Start > Administrative Tools > DNS.
Step #3. Right click on Conditional Forwarders and select New Conditional Forwarder.
Step #4. Enter testkingapps.com for the DNS Domain. Enter the IP address and tick the checkbox to "Store the conditional forwarder in Active Directory..."
Te
st-
Ki
ng
.co
218
QUESTION NO: 256 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. A domain controller named DC1 is also configured as a DNS server. DC1 hosts the testking.com Active Directory Integrated zone. DC1 also hosts a number of other DNS zones. You want to configure DNS to automatically scavenge stale DNS records in all DNS zones. You are currently logged in to DC1. What should you do?
Step #1. Click Start > Administrative Tools > DNS.
Step #3. Right click on DC1 and select Set Aging/Scavenging for All Zones... "Welcome to Certification's Main Event" - www.test-king.com 219
Te
st-
Ki
ng
.co
Step #4. Tick the checkbox and click OK.
QUESTION NO: 257
You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. The network consists of a main office and a branch office. A domain controller named DC1 is also configured as a DNS server and hosts the testking.com Active Directory Integrated zone. You have deployed a DNS server named BranchDNS in the branch office. BranchDNS is configured with a secondary DNS zone for the testking.com domain. You want to configure DC1 to allow DNS zone transfers to BranchDNS only. You are currently logged on to DC1. "Welcome to Certification's Main Event" - www.test-king.com 220
Te
st-
Ki
ng
.co
Step #5. Tick the checkbox and click OK.
Microsoft 70-640: Practice Exam What should you do? Step #1. Click Start > Administrative Tools > DNS.
Step #2. Expand DC1 then expand Forward Lookup Zones.
Step #3. Right click on the testking.com zone and select Properties.
Step #5. Tick the checkbox and select "Only to the following servers" then click Edit.
Step #6. Enter branchdns.testking.com and hit Enter.
Te
st-
Step #4. Click on the Zone Transfers tab.
Ki
ng
.co
221
Step #7. Click Apply and Ok.
Testking.com has a large development department. The development department develops custom application for Testking. You are configuring a test network in the development department. The test network is a copy of the testking.com domain but is isolated from the live testking.com network. You are configuring a domain controller named DC1. DC1 also runs the DNS server service in the test network. To help keep the test network isolated from the production domain, you want to configure the DNS server on DC1 to disable Round Robin and to disable recursion. You are currently logged in to DC1 in the test network. What should you do? Step #1. Click Start > Administrative Tools > DNS.
Te
st-
Ki
ng
.co
QUESTION NO: 258
222
Step #2. Expand DC1 then right click on DC1 and select Properties.
Step #3. Click on the Advanced tab.
QUESTION NO: 259 You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista Business Edition. A domain controller named DC1 is also configured as a DNS server. DC1 hosts the Active Directory Integrated DNS zone for testking.com. Testking.com has a large Research department. A new company policy states that the Research department should have it's own domain. The new domain will be named research.testking.com. "Welcome to Certification's Main Event" - www.test-king.com 223
Te
st-
Ki
ng
.co
Step #4. Tick the checkbox to disable recursion and clear the checkbox to disable round robin. Then click Apply and OK.
Microsoft 70-640: Practice Exam A DNS server named ResearchDNS will host the research.testking.com DNS zone. To this end, you need to create a delegation to delegate authority for the research.testking.com to ResearchDNS. You are currently logged in to DC1. What should you do?
Te
st-
Ki
ng
.co
224

70-640 Test King

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

70-640 Test King

Caricato da

Copyright:

Formati disponibili

Microsoft 70-640

70-640 TS: Windows Server 2008 Active Directory, Configuring

"Welcome to Certification's Main Event" - www.test-king.com

What should you do?

"Welcome to Certification's Main Event" - www.test-king.com

What would your reply be?

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

Section 2, Configure DNS server settings (12 Question)

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

What would you reply be?

"Welcome to Certification's Main Event" - www.test-king.com

Microsoft 70-640: Practice Exam

"Welcome to Certification's Main Event" - www.test-king.com

Microsoft 70-640: Practice Exam

Microsoft 70-640: Practice Exam Answer: D

"Welcome to Certification's Main Event" - www.test-king.com

Microsoft 70-640: Practice Exam

Microsoft 70-640: Practice Exam Answer: B

Microsoft 70-640: Practice Exam

What should you identify?

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

What should you inform them?

"Welcome to Certification's Main Event" - www.test-king.com

What should you do?

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

What should you identify?

"Welcome to Certification's Main Event" - www.test-king.com

Section 3, Configure sites (5 Questions)

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

What should you do?

What should you do?

"Welcome to Certification's Main Event" - www.test-king.com

Section 4, Configure Active Directory replication (10 Questions)

"Welcome to Certification's Main Event" - www.test-king.com

"Welcome to Certification's Main Event" - www.test-king.com

What is the likely reason?

What should you identify?

"Welcome to Certification's Main Event" - www.test-king.com

What should you do?

"Welcome to Certification's Main Event" - www.test-king.com

QUESTION NO: 100

"Welcome to Certification's Main Event" - www.test-king.com

QUESTION NO: 103

What should you do?

QUESTION NO: 104

"Welcome to Certification's Main Event" - www.test-king.com

QUESTION NO: 105

"Welcome to Certification's Main Event" - www.test-king.com

Microsoft 70-640: Practice Exam

"Welcome to Certification's Main Event" - www.test-king.com

Microsoft 70-640: Practice Exam