QUESTION 201
Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2.
The DNS zone for contoso.com is Active Directory-integrated.
You deploy a read-only domain controller (RODC) named R0DC1. You install the DNS Server server role on R0DC1.
You discover that R0DC1 does not have any DNS application directory partitions.
You need to ensure that R0DC1 has a copy of the DNS application directory partition of contoso.com.
What should you do? (Each correct answer presents a complete solution. Choose two.)
A. From DNS Manager, right-click RODC1 and click Create Default Application Directory Partitions.
B. Run ntdsutil.exe. From the Partition Management context, run the create nc command.
C. Run dnscmd.exe and specify the /createbuiltindirectorypartitions parameter.
D. Run ntdsutil.exe. From the Partition Management context, run the add nc replica command.
E. Run dnscmd.exe and specify the /enlistdirectorypartition parameter.
Answer: AC
QUESTION 202
A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers.
You add multiple DNS records to the zone.
You need to ensure that the new records are available on all DNS servers as soon as possible.
Which tool should you use?
A. Ntdsutil
B. Dnscmd
C. Repadmin
D. Nslookup
Answer: C
QUESTION 203
Your network contains three servers named ADFS1, ADFS2, and ADFS3 that run Windows Server 2008 R2. ADFS1 has the Active Directory Federation Services (AD FS) Federation Service role service installed.
You plan to deploy AD FS 2.0 on ADFS2 and ADFS3.
You need to export the token-signing certificate from ADFS1, and then import the certificate to ADFS2 and ADFS3.
A. Personal Information Exchange PKCS #12 (.pfx)
B. DER encoded binary X.509 (.cer)
C. Cryptographic Message Syntax Standard PKCS #7 (.p7b)
D. Base-64 encoded X.S09 (.cer)
Answer: A
QUESTION 204
You create a user account template for the marketing department.
When you copy the user account template, you discover that the Web page attribute is not copied.
You need to preserve the Web page attribute when you copy the user account template.
What should you do?
A. From Active Directory Administrative Center, modify the value of the wWWHomePage attribute for the
user account template.
B. From the Active Directory Schema snap-in, modify the properties of the user class.
C. From Active Directory Users and Computers, modify the value of the wWWHomePage attribute for the
user account template.
D. From ADSI Edit, modify the properties of the wWWHomePage attribute.
Answer: B
QUESTION 205
Your network contains an Active Directory domain named contoso.com. The functional level of the forest is Windows Server 2008 R2.
The Default Domain Controller Policy Group Policy object (GPO) contains audit policy settings.
On a domain controller named DC1, an administrator configures the Advanced Audit Policy Configuration settings by using a local GPO.
You need to identify what will be audited on DC1.
Which tool should you use?
A. Get-ADObject
B. Secedit
C. Security Configuration and Analysis
D. Auditpol
Answer: D
QUESTION 206
A network contains an Active Directory forest. The forest schema contains a custom attribute for user objects.
You need to view the custom attribute value of 500 user accounts in a Microsoft Excel table.
Which tool should you use?
A. Dsmod
B. Csvde
C. Ldifde
D. Dsrm
Answer: B
QUESTION 207
Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and child.contoso.com. All domain controllers run Windows Server 2008. All forest-wide operations master roles are in child.contoso.com.
An administrator successfully runs adprep.exe /forestprep from the Windows Server 2008 R2 Service Pack 1 (SP1) installation media.
You plan to run adprep.exe /domainprep in each domain.
You need to ensure that you have the required user rights to run the command successfully in each domain.
Of which groups should you be a member? (Each correct answer presents part of the solution.
Choose two.)
A. Administrators in child.contoso.com
B. Enterprise Admins in contoso.com
C. Domain Admins in child.contoso.com
D. Domain Admins in contoso.com
E. Administrators in contoso.com
F. Schema Admins in contoso.com
Answer: CD
QUESTION 208
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain and 10 domain controllers. All of the domain controllers run Windows Server 2008 R2 Service Pack 1 (SP1).
The forest contains an application directory partition named dc=app1, dc=contoso,dc=com. A domain controller named DC1 has a copy of the application directory partition.
You need to configure a domain controller named DC2 to receive a copy of dc=app1, dc=contoso,dc=corn.
Which tool should you use?
A. Active Directory Sites and Services
B. Dsmod
C. Dcpromo
D. Dsmgmt
Answer: B
QUESTION 209
A corporate environment includes a Windows Server 2008 R2 Active Directory Domain Services (AD DS) domain.
You need to enable Universal Group Membership Caching on several domain controllers in the domain.
Which tool should you use?
A. Dsmod
B. Dscmd
C. Ntdsutil
D. Active Directory Sites and Services console
Answer: D
QUESTION 210
Your network contains an Active Directory forest. The forest contains three domains. All domain controllers have the DNS Server server role installed.
The forest contains three sites named Site1, Site2, and Site3. Each site contains the users, client computers, and domain controllers of each domain. Site1 contains the first domain controller deployed to the forest.
The sites connect to each other by using unreliable WAN links.
The users in Site2 and Site3 report that is takes a long time to log on to their client computer when they use their user principal name (UPN). The users in Site1 do not experience the same issue.
You need to reduce the amount of time it takes for the Site2 users and the Site3 users to log on to their client computer by using their UPN.
What should you do?
A. Configure a global catalog server in Site2 and a global catalog server in Site3.
B. Reduce the replication interval of the site links.
C. Move a primary domain controller (PDC) emulator to Site2 and to Site3.
D. Add additional domain controllers to Site2 and to Site3.
E. Reduce the cost of the site links.
F. Enable universal group membership caching in Site2 and in Site3.
Answer: A
If you want to pass Microsoft 70-640 successfully, donot missing to read latest lead2pass Microsoft 70-640 dumps.
If you can master all lead2pass questions you will able to pass 100% guaranteed.