QUESTION 251
You need to compact an Active Directory database on a domain controller that runs Windows Server 2008 R2. What should you do?
A. Run defrag.exe /a /c.
B. Run defrag.exe /c /u.
C. From Ntdsutil, use the Files option.
D. From Ntdsutil, use the Metadata cleanup option.
Answer: C
QUESTION 252
Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers. The servers are configured as shown in the following table.
You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure the policy module settings.
B. Configure the issuance requirements for the certificate templates.
C. Configure the Certificate Services Client – Certificate Enrollment Policy Group Policy setting.
D. Configure the delegation settings for the Certificate Enrollment Web Service application pool account.
Answer: BC
QUESTION 253
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Server 2008 Standard. You need to install an enterprise subordinate certification authority (CA) that supports private key archival. You must achieve this goal by using the minimum amount of administrative effort. What should you do first?
A. Initialize the Trusted Platform Module (TPM).
B. Upgrade the member server to Windows Server 2008 R2 Standard.
C. Install the Certificate Enrollment Policy Web Service role service on the member server.
D. Run the Security Configuration Wizard (SCW) and select the Active Directory Certificate Services –
Certification Authority server role template check box.
Answer: B
QUESTION 254
You have an enterprise subordinate certification authority (CA). You have a custom Version 3
certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do?
A. Run certutil.exe Cpulse.
B. Run certutil.exe Cinstallcert.
C. Change the certificate template to a Version 2 certificate template.
D. On the certificate template, assign the Autoenroll permission to the users.
Answer: C
QUESTION 255
Your network contains an Active Directory domain. The domain contains a member server named Server1 that runs Windows Server 2008 R2. You need to configure Server1 as a global catalog server. What should you do?
A. Modify the Active Directory schema.
B. From Ntdsutil, use the Roles option.
C. Run the Active Directory Domain Services Installation Wizard on Server1.
D. Move the Server1 computer object to the Domain Controllers organizational unit (OU).
Answer: C
QUESTION 256
Your network contains three Active Directory forests named Forest1, Forest2, and Forest3. Each forest contains three domains.
A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3.
You need to configure the forests to meet the following requirements:
Users in Forest3 must be able to access resources in Forest1
Users in Forest1 must be able to access resources in Forest3.
The number of trusts must be minimized.
What should you do?
A. In Forest2, modify the name suffix routing settings.
B. In Forest1 and Forest3, configure selective authentication.
C. In Forest1 and Forest3, modify the name suffix routing settings.
D. Create a two-way forest trust between Forest1 and Forest3.
E. Create a shortcut trust in Forest1 and a shortcut trust in Forest3.
Answer: D
QUESTION 257
Your network contains an Active Directory domain. All domain controller run Windows Server 2003. You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. You need to minimize the amount of SYSVOL replication traffic on the network. What should you do?
A. Raise the functional level of the forest to Windows Server 2008 R2.
B. Modify the path of the SYSVOL folder on all of the domain controllers.
C. On a global catalog server, run repadmin.exe and specify the KCC parameter.
D. On the domain controller that holds the primary domain controller (PDC) emulator FSMO role, run dfsrmig.exe.
Answer: C
QUESTION 258
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table.
All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do?
A. From DC1, run the time command.
B. From DC2, run the time command.
C. From DC1, run the w32tm.exe command.
D. From DC2, run the w32tm.exe command.
Answer: D
QUESTION 259
Your network contains an Active Directory domain named contoso.com. Contoso.com contains two domain controllers. The domain controllers are configured as shown in the following table.
All client computers have IP addresses in the 10.1.2.1 to 10.1.2.240 range. You need to minimize the number of client authentication requests sent to DC2. What should you do?
A. Create a new site named Site1. Create a new subnet object that has the 10.1.1.0/24 prefix and assign
the subnet to Site1. Move DC1 to Site1.
B. Create a new site named Site1. Create a new subnet object that has the 10.1.1.1/32 prefix and assign
the subnet to Site1. Move DC1 to Site1.
C. Create a new site named Site1. Create a new subnet object that has the 10.1.1.2/32 prefix and assign
the subnet to Site1. Move DC2 to Site1.
D. Create a new site named Site1. Create a new subnet object that has the 10.1.2.0/24 prefix and assign
the subnet to Site1. Move DC2 to Site1.
Answer: C
QUESTION 260
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Register a service principal name (SPN) for AD RMS.
B. Register a service connection point (SCP) for AD RMS.
C. Configure the identity setting of the _DRMSAppPool1 application pool.
D. Configure the useAppPoolCredentials attribute in the Internet Information Services (IIS)
Answer: AD
If you want to pass Microsoft 70-640 successfully, donot missing to read latest lead2pass Microsoft 70-640 exam questions.
If you can master all lead2pass questions you will able to pass 100% guaranteed.