QUESTION 331
Your network contains an Active Directory domain. All DNS servers are domain controllers. You view the properties of the DNS zone as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that only domain members can register DNS records in the zone. What should you do first?
A. Modify the zone type.
B. Create a trust anchor.
C. Modify the Advanced properties of the DNS server.
D. Modify the Dynamic updates setting.
Answer: A
QUESTION 332
Your company has a single Active Directory forest with a single domain. Consultants in different departments of the company require access to different network resources. The consultants belong to a global group named TempWorkers. Three file servers are placed in a new
organizational unit named SecureServers. The file servers contain confidential data in shared folders. You need to prevent the consultants from accessing the confidential data.
What should you do?
A. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign
the Deny access to this computer from the network user right to the TempWorkers global group.
B. Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny access to this
computer from the network user right to the TempWorkers global group.
C. On the three file servers, create a share on the root of each hard disk. Configure the Deny Full control
permission for the TempWorkers global group on the share.
D. Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny log on locally user
right to the TempWorkers global group.
E. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign
the Deny log on locally user right to the TempWorkers global group.
Answer: A
QUESTION 333
Your network contains two Active Directory forests named contoso.com and nwtraders.com. The functional level of both forests is Windows Server 2003. Contoso.com contains one domain. Nwtraders.com contains two domains. You need to ensure that users in contoso.com can access the resources in all domains. The solution must require the minimum number of trusts.
Which type of trust should you create?
A. external
B. forest
C. realm
D. shortcut
Answer: B
QUESTION 334
You install an Active Directory domain in a test environment.
You need to reset the passwords of all the user accounts in the domain from a domain controller.
Which two Windows PowerShell commands should you run? (Each correct answer presents part of the solution, choose two.)
A. $ newPassword = *
B. Import-Module ActiveDirectory
C. Import-Module WebAdministration
D. Get- AdUser -filter * | Set- ADAccountPossword – NewPassword $ newPassword – Reset
E. Set- ADAccountPossword – NewPassword – Reset
F. $ newPassword = (Read-Host – Prompt “New Password” – AsSecureString )
G. Import-Module ServerManager
Answer: DF
QUESTION 335
Your network contains two forests named adatum.com and litwareinc.com. The functional level of all the domains is Windows Server 2003. The functional level of both forests is Windows 2000.
You need to create a forest trust between adatum.com and litwareinc.com.
What should you do first?
A. Create an external trust.
B. Raise the functional level of both forests.
C. Configure SID filtering.
D. Raise the functional level of all the domains.
Answer: B
QUESTION 336
Your network contains an Active Directory forest named adatum.com.
All client computers used by the marketing department are in an organizational unit (OU) named Marketing Computers. All user accounts for the marketing department are in an OU named Marketing Users.
You purchase a new application.
You need to ensure that every user in the domain who logs on to a marketing department computer can use the application. The application must only be available from the marketing department computers.
What should you do?
A. Create and link a Group Policy object (GPO) to the Marketing Users OU. Copy the installation package
to a shared folder on the network. Assign the application.
B. Create and link a Group Policy object (GPO) to the Marketing Computers OU. Copy the installation
package to a shared folder on the network. Assign the application.
C. Create and link a Group Policy object (GPO) to the Marketing Computers OU. Copy the installation
package to a local drive on each marketing department computer. Publish the application.
D. Create and link a Group Policy object (GPO) to the Marketing Users OU. Copy the installation package
to a folder on each marketing department computer. Publish the application.
Answer: B
QUESTION 337
Your network contains an Active Directory forest named adatum.com.
You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster.
What should you install before you create the AD RMS root cluster?
A. The Failover Cluster feature
B. The Active Directory Certificate Services (AD CS) role
C. Microsoft Exchange Server 2010
D. Microsoft SharePoint Server 2010
E. Microsoft SQL Server 2008
Answer: E
QUESTION 338
Your network contains an Active Directory domain named contoso.com. The contoso.com domain contains a domain controller named DC1.
You create an Active Directory-integrated GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2.contoso.com.
When you ping Server1, you discover that the name fails to resolve. You are able to successfully ping server2.contoso.com.
You need to ensure that you can resolve names by using the GlobalNames zone.
Which command should you run?
A. Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /domain
B. Dnscmd DCl.contoso.com /config /Enableglobalnamessupport forest
C. DnscmdDCl.contoso.com/config/Enableglobalnamessupport 1
D. Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /forest
Answer: C
QUESTION 339
Your network contains an Active Directory domain named contoso.com.
The network has a branch office site that contains a read-only domain controller (RODC) named R0DC1. R0DC1 runs Windows Server 2008 R2.
A user logs on to a computer in the branch office site.
You discover that the user’s password is not stored on R0DC1.
You need to ensure that the user’s password is stored on RODC1 when he logs on to a branch office site computer.
What should you do?
A. Modify the RODC s password replication policy by removing the entry for the Allowed RODC Password
Replication Group.
B. Modify the RODC’s password replication policy by adding R0DC1’s computer account to the list of allowed
users, groups, and computers.
C. Add the user’s user account to the built-in Allowed RODC Password Replication Group on R0DC1.
D. Add R0DC1’s computer account to the built-in Allowed RODC Password Replication Group on R0DC1.
Answer: C
QUESTION 340
You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1.
You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS.
Which protocol should you allow on Server1?
A. Kerberos
B. SSL
C. SMB
D. RPC
Answer: B
If you want to pass Microsoft 70-640 successfully, donot missing to read latest lead2pass Microsoft 70-640 exam questions.
If you can master all lead2pass questions you will able to pass 100% guaranteed.