QUESTION 191
Your network contains an Active Directory domain. The domain contains five sites. One of the sites contains a read-only domain controller (RODC) named RODC1.
You need to identify which user accounts can have their password cached on RODC1.
Which tool should you use?
A. Repadmin
B. Dcdiag
C. Get-ADDomainControllerPasswordReplicationPolicyUsage
D. Adtest
Answer: C
QUESTION 192
A network contains an Active Directory forest. The forest contains three domains and two sites.
You remove the global catalog from a domain controller named DC2. DC2 is located in Site1.
You need to reduce the size of the Active Directory database on DC2. The solution must minimize the impact on all users in Site1.
What should you do first?
A. On DC2, start the Protected Storage service.
B. On DC2, stop the Active Directory Domain Services service.
C. Start DC2 in Safe Mode.
D. Start DC2 in Directory Services Restore Mode.
Answer: B
QUESTION 193
Your network contains an Active Directory domain named adatum.com. The functional level of the domain is Windows Server 2008. All domain controllers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.
You need to receive a notification when more than 50 Active Directory objects are deleted per second.
What should you do?
A. Run the Get-ADDomain cmdlet.
B. Run the dsget.exe command.
C. Run the ntdsutil.exe command.
D. Run the ocsetup.exe command.
E. Run the dsamain.exe command.
F. Run the eventcreate.exe command.
G. Create a Data Collector Set (DCS).
H. Create custom views from Event Viewer.
I. Configure subscriptions from Event Viewer.
J. Import the Active Directory module for Windows PowerShell.
Answer: G
QUESTION 194
You have an enterprise subordinate certification authority (CA).
You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment.
You increase the template key length to 2,048 bits.
You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template.
Which console should you use?
A. Group Policy Management MMC Snap-In
B. Certificates MMC Snap-In on the Certificate Authority
C. Certificate Templates MMC Snap-In
D. Certification Authority MMC Snap-In
Answer: C
QUESTION 195
Your network contains an Active Directory forest. The forest contains one domain named contoso.com.
You attempt to create a new child domain and you receive the following error message: “An LDAP read of operational attributes failed.”
You need to ensure that you can add a new child domain to the forest.
What should you do?
A. Move the PDC emulator role.
B. Move the RID master role.
C. Move the infrastructure master role.
D. Move the schema master role.
E. Move the domain naming master role.
F. Move the global catalog server.
G. Move the bridgehead server.
H. Install a read-only domain controller (RODC).
I. Deploy an additional global catalog server.
J. Restart the Active Directory Domain Services (AD DS) service.
Answer: E
QUESTION 196
Your network contains an Active Directory domain named adatum.com. The functional level of the domain is Windows Server 2003. All domain controllers run Windows Server 2008 R2.
You mount an Active Directory snapshot.
You need to ensure that you can connect to the snapshot by using LDAP.
What should you do?
A. Run the Get-ADDomain cmdlet.
B. Run the dsget.exe command.
C. Run the ntdsutil.exe command.
D. Run the ocsetup.exe command.
E. Run the dsamain.exe command.
F. Run the eventcreate.exe command,
G. Create a Data Collector Set (DCS).
H. Create custom views from Event Viewer.
I. Configure subscriptions from Event Viewer.
J. Import the Active Directory module for Windows PowerShell.
Answer: E
QUESTION 197
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named Sales and an OU named Engineering.
You need to ensure that when users log on to client computers, they are added automatically to the local Administrators group. The users must be removed from the group when they log off of the client computers.
What should you do?
A. Modify the Group Policy permissions.
B. Enable block inheritance.
C. Configure the link order.
D. Enable loopback processing in merge mode.
E. Enable loopback processing in replace mode.
F. Configure WMI filtering.
G. Configure Restricted Groups.
H. Configure Group Policy Preferences.
I. Link the Group Policy object (GPO) to the Sales OU.
J. Link the Group Policy object (GPO) to the Engineering OU.
Answer: H
QUESTION 198
Your network contains an Active Directory forest named contoso.com. The forest contains two member servers named Server1 and Server2. Server1 and Server2 have the DNS Server server role installed.
Server1 hosts a standard primary zone for contoso.com. Server2 is configured as a secondary name server for contoso.com.
You experience issues with the copy of the zone on Server2,
You verify that both copies of the zone have the same serial number.
You need to transfer a complete copy of the zone from Server1 to Server2.
What should you do on Server2?
A. From DNS Manager, right-click contoso.com and click Transfer from Master.
B. From Services, right-click DNS Server and click Refresh.
C. From Services, right-click DNS Server and click Restart.
D. From DNS Manager, right-click contoso.com and click Reload.
E. From DNS Manager, right-click contoso.com and click Transfer a new copy of zone from Master.
Answer: E
QUESTION 199
Your network contains an Active Directory domain. The domain contains two Active Directory sites named Site1 and Site2. Site1 contains two domain controllers named DC1 and DC2. Site2 contains two domain controller named DC3 and DC4,
The functional level of the domain is Windows Server 2008 R2. The functional level of the forest is Windows Server 2003.
Active Directory replication between Site1 and Site2 occurs from 20:00 to 01:00 every day.
At 07:00, an administrator deletes a user account while he is logged on to DC1.
You need to restore the deleted user account. You want to achieve this goal by using the minimum amount of administrative effort.
What should you do?
A. On DC3, stop Active Directory Domain Services, perform an authoritative restore, and then start Active
Directory Domain Services.
B. On DC3, run the Restore-ADObject cmdlet.
C. On DC1, run the Restore-ADObject cmdlet.
D. On DC1, stop Active Directory Domain Services, restore the SystemState, and then start Active Directory
Domain Services.
Answer: A
QUESTION 200
You create a standard primary zone for contoso.com.
You need to specify a user named Admin1 as the person responsible for managing the zone.
What should you do? (Each correct answer presents a complete solution. Choose two.)
A. Open the %Systemroot\System32\DNS\Contoso.com.dns file by using Notepad and change all instances
of “hostmaster.contoso.com” to “admin1.contoso.com”.
B. From DNS Manager, open the properties of the Start of Authority (SOA) record ofcontoso.com, Specify
admin1.contoso.com as the responsible person.
C. Open the %Systemroot\System32\DNS\Contoso.com.dns file by using Notepad and change all instances
of “[email protected]” to “[email protected]”.
D. From DNS Manager, open the properties of the Start of Authority (SOA) record ofcontoso.com.
Specify [email protected] as the responsible person.
Answer: BC
If you want to pass Microsoft 70-640 successfully, donot missing to read latest lead2pass Microsoft 70-640 practice exams.
If you can master all lead2pass questions you will able to pass 100% guaranteed.