Dumps For Online Exam - Scenario Based AD Interview Questions and Answers - Microsoft 70-640 Exam PDF

7/15/2015
Dumpsforonlineexam:ScenarioBasedADInterviewQuestionsandAnswersMicrosoft70640Exam
0
More NextBlog
CreateBlog SignIn
Dumpsforonlineexam
ITILdumps,ITILquestionpaper,MCSEDUMPS,MICROSOFTDUMPS,CISCO
dumps,MCITPdumps,CITRIXDUMPS,VMWAREdumps
ICICI Lombard Online

Get Free Quick Quotes on Health, Motor & Travel Insurance. Buy Now!
Thursday,August1,2013
ScenarioBasedADInterviewQuestionsand
AnswersMicrosoft70640Exam
QUESTIONNO:1
YouhaveasingleActiveDirectorydomain.Alldomaincontrollersrun
WindowsServer2008andareconfiguredasDNSservers.Thedomain
containsoneActiveDirectoryintegratedDNSzone.Youneedtoensurethat
outdatedDNSrecordsareautomaticallyremovedfromtheDNSzone.
Whatshouldyoudo?
A.Fromthepropertiesofthezone,modifytheTTLoftheSOArecord.
B.Fromthepropertiesofthezone,enablescavenging.
C.Fromthecommandprompt,runipconfig/flushdns.
D.Fromthepropertiesofthezone,disabledynamicupdates.
Answer:B
Explanation:
ToremovetheoutdatedDNSrecordsfromtheDNSzoneautomatically,you
shouldenableScavengingthroughZoneproperties.Scavengingwillhelpyou
cleanupoldunusedrecordsinDNS.Since"cleanup"reallymeans"delete
stuff"agoodunderstandingofwhatyouaredoingandahealthyrespectfor
"deletestuff"willkeepyououtofthehotgrease.Becausedeletionisinvolved
therearequiteafewsafetyvalvesbuiltintoscavengingthattakealongtime
topop.Whenenablingscavenging,patienceisrequired.
Google+Badge
SearchThisBlog
Search
Followers
Jointhissite
withGoogleFriendConnect
Members(1)
Alreadyamember?Signin
QUESTIONNO:2
YournetworkconsistsofasingleActiveDirectorydomain.Alldomain
controllersrunWindowsServer2008R2.TheAuditaccountmanagement
policysettingandAuditdirectoryservicesaccesssettingareenabledforthe
entiredomain.
YouneedtoensurethatchangesmadetoActiveDirectoryobjectscanbe
logged.Theloggedchangesmustincludetheoldandnewvaluesofany
attributes.
Whatshouldyoudo?
A.Runauditpol.exeandthenconfiguretheSecuritysettingsoftheDomain
ControllersOU.
B.FromtheDefaultDomainControllerspolicy,enabletheAuditdirectory
serviceaccesssettingandenabledirectoryservicechanges.
http://dumps2all.blogspot.in/2013/08/scenariobasedadinterviewquestions.html
1/16
7/15/2015
C.EnabletheAuditaccountmanagementpolicyintheDefaultDomain
ControllerPolicy.
D.Runauditpol.exeandthenenabletheAuditdirectoryserviceaccess
settingintheDefaultDomainpolicy.
Answer:A
Explanation:
Tomakesurethechangesmadetoactivedirectoryobjectsareloggedand
thelogsshowtheoldandnewvaluesofanyattribute,youshouldrun
audipol.exeandconfigurethesecuritysettingsforthedomaincontrollers
OrganizationalUnit.
QUESTIONNO:3
Yourcompany,Contoso,Ltd.,hasamainofficeandabranchoffice.The
officesareconnectedbyaWANlink.ContosohasanActiveDirectoryforest
thatcontainsasingledomainnamedad.contoso.com.
Thead.contoso.comdomaincontainsonedomaincontrollernamedDC1
thatislocatedinthemainoffice.DC1isconfiguredasaDNSserverforthe
ad.contoso.comDNSzone.Thiszoneisconfiguredasastandardprimary
zone.
YouinstallanewdomaincontrollernamedDC2inthebranchoffice.You
installDNSonDC2.
YouneedtoensurethattheDNSservicecanupdaterecordsandresolve
DNSqueriesintheeventthataWANlinkfails.
Whatshouldyoudo?
A.Createanewstubzonenamedad.contoso.comonDC2.
B.Createanewstandardsecondaryzonenamedad.contoso.comonDC2.
C.ConfiguretheDNSserveronDC2toforwardrequeststoDC1.
D.Convertthead.contoso.comzoneonDC1toanActiveDirectory
integratedzone.
Answer:D
Explanation:
TomakesurethattheDNSserviceonTK2canupdaterecords and resolve
DNS queries in the event of a MAN link failure, you should convert
maks.contoso.com on TK1 to an Active Directoryintegrated zone. Active
Directoryintegrated DNS offers two pluses over traditional zones. For one,
the fault tolerance built into Active Directory eliminates the need for
primaryandsecondarynameservers.
Effectively, all nameservers using Active Directoryintegrated zones are
primary nameservers. This has a huge advantage for the use of dynamic
DNS as well: namely, the wide availability of nameservers that can accept
registrations.Recallthatdomain controllers and workstations register their
locationsandavailabilitytotheDNSzoneusingdynamicDNS.
InatraditionalDNSsetup,onlyonetypeofnameservercanacceptthese
registrationstheprimaryserver,becauseithastheonlyread/writecopyof
azone.BycreatinganActiveDirectoryintegratedzone,allWindowsServer
2008nameserversthatstoretheirzonedatainActiveDirectorycanaccepta
dynamicregistration,andthechangewillbepropagatedusingActive
Directorymultimasterreplication.
Feedjit
QUESTIONNO:4
YourcompanyhasaserverthatrunsaninstanceofActiveDirectory
LightweightDirectoryService(ADLDS).Youneedtocreatenew
organizationalunitsintheADLDSapplicationdirectorypartition.What
shouldyoudo?
A.UsethedsmodOU<OrganizationalUnitDN>commandtocreatethe
2/16
7/15/2015
organizationalunits.
B.UsetheActiveDirectoryUsersandComputerssnapinto
createtheorganizationalunitsontheADLDSapplicationdirectory
partition.
C.UsethedsaddOU<OrganizationalUnitDN>commandtocreatethe
organizationalunits.
D.UsetheADSIEditsnapintocreatetheorganizationalunitsontheAD
LDSapplicationdirectorypartition.
Answer:D
Explanation:
To create new OUs in the AD LDS application directory partition, you
should use ADSI Edit snapin. ADSI Edit is a snapin that runs in a
Microsoft Management Console (MMC). The default console containing
ADSIEditisAdsiEdit.msc.Ifthissnapinis not added in your MMC, you
candoitbyaddingthroughAdd/RemoveSnapinmenuoptionintheMMC
oryoucanopenAdsiEdit.mscfromaWindowsExplorer.
QUESTIONNO:5
YourcompanyhasanActiveDirectorydomain.Thecompanyhastwo
domaincontrollersnamedDC1andDC2.DC1holdstheSchemaMaster
role.
DC1fails.YoulogontoActiveDirectorybyusingtheadministratoraccount.
YouarenotabletotransfertheSchemaMasteroperationsrole.
YouneedtoensurethatDC2holdstheSchemaMasterrole.
Whatshouldyoudo?
A.ConfigureDC2asabridgeheadserver.
B.OnDC2,seizetheSchemaMasterrole.
C.LogoffandlogonagaintoActiveDirectorybyusinganaccountthatisa
memberoftheSchemaAdministratorsgroup.StarttheActiveDirectory
Schemasnapin.
D.RegistertheSchmmgmt.dll.StarttheActiveDirectorySchemasnapin.
Answer:B
Explanation:
ToensurethatDC2holdstheSchemaMasterrole,youshouldseizethe
SchemaMasterroleonDC2.Seizingtheschemamasterroleisadrasticstep
thatshouldbeconsideredonlyifthecurrentoperationsmasterwillneverbe
availableagain.Sototransfertheschemamasteroperationsrole,youhave
toseizeitonDC2.
QUESTIONNO:6
YourcompanyhasanActiveDirectoryforestthatrunsatthefunctionallevel
ofWindowsServer2008.
YouimplementActiveDirectoryRightsManagementServices(ADRMS).
YouinstallMicrosoftSQLServer2005.WhenyouattempttoopentheAD
RMSadministrationWebsite,youreceivethefollowingerrormessage:
"SQLServerdoesnotexistoraccessdenied."
YouneedtoopentheADRMSadministrationWebsite.
Whichtwoactionsshouldyouperform?(Eachcorrectanswerpresentspart
ofthesolution.Choosetwo.)
A.RestartIIS.
B.ManuallydeletetheServiceConnectionPointinADDSandrestartAD
RMS.
C.InstallMessageQueuing.
D.StarttheMSSQLSVCservice.
Answer:A,D
LiveTrafficFeed
AvisitorfromNewDelhi,Delhi
viewed"Dumpsforonline
exam:ScenarioBasedAD
InterviewQuestionsand
AnswersMicrosoft70640
AvisitorfromNewDelhi,Delhi
Exam"1minago
viewed"Dumpsforonline
exam:OracleUniversity
Certifications"1hr19minsago
AvisitorfromSuwanee,
Georgiaviewed"Dumpsfor
onlineexam:EX0117ITIL
FoundationDumpsUpdated
AvisitorfromTampere,
2013"2hrs9minsago
WesternFinlandviewed
"Dumpsforonlineexam:EX0
117ITILFoundationDumps
Updated2013"7hrs36mins
AvisitorfromChennai,Tamil
ago
Naduviewed"Dumpsforonline
exam:Windowsserver"9hrs51
minsago
AvisitorfromKampalaviewed
"Dumpsforonlineexam:Free
ITILDumpsExamQuestions
Version3Paper22007"11hrs
AvisitorfromBangalore,
1minago
Karnatakaviewed"Dumpsfor
onlineexam:ScenarioBased
ADInterviewQuestionsand
AnswersMicrosoft70640
AvisitorfromKampalaviewed
Exam"11hrs2minsago
"Dumpsforonlineexam:EX0
117ITILFoundationDumps
Updated2013"11hrs48mins
AvisitorfromIndiaviewed
ago
"Dumpsforonlineexam:Oracle
UniversityCertifications"12hrs
55minsago
AvisitorfromHopkins,
Minnesotaviewed"Dumpsfor
onlineexam:EX0117ITIL
FoundationDumpsUpdated
RealtimeviewGetFeedjit
BlogArchive
2014(2)
2013(74)
November(2)
October(29)
September(4)
August(4)
WindowsDHCPInterview
QuestionsandAnswers
!
DatabaseInterview
QuestionsandAnswers!
NetdomGuide
ScenarioBasedAD
InterviewQuestionsand
Answers...
July(4)
April(31)
2011(22)
3/16
7/15/2015
Explanation:
TorectifytheSQLserverproblem,youhavetorestarttheinternet
informationserver(IIS).TheIISserverwillberefreshed.Thenyoustartthe
MSSQULSVCservicetostarttheSQLserver.Thiswillenableyoutoaccess
thedatabasefromADRMSadministrationwebsite.
QUESTIONNO:7
YournetworkconsistsofanActiveDirectoryforestthatcontainsone
domainnamedcontoso.com.AlldomaincontrollersrunWindowsServer
2008R2andareconfiguredasDNSservers.
YouhavetwoActiveDirectoryintegratedzones:contoso.comand
nwtraders.com.Youneedtoensureauserisabletomodifyrecordsinthe
contoso.comzone.YoumustpreventtheuserfrommodifyingtheSOA
recordinthenwtraders.comzone.Whatshouldyoudo?
A.FromtheActiveDirectoryUsersandComputersconsole,runthe
DelegationofControlWizard.
B.FromtheActiveDirectoryUsersandComputersconsole,modifythe
permissionsoftheDomainControllersorganizationalunit(OU).
C.FromtheDNSManagerconsole,modifythepermissionsofthe
contoso.comzone.
D.FromtheDNSManagerconsole,modifythepermissionsofthe
nwtraders.comzone.
Answer:C
Explanation:
Toallowtheusertomodifyrecordsincontoso.comandpreventhim/her
frommodifyingtheSOArecordincontoso.comzone,youshouldsetthe
permissionsofcontoso.comthroughDNSManagerConsole.Yousetthe
permissionsfortheuserstomodifytherecordsincontoso.com.Bysetting
permissionononeActivedirectoryintegratedzone,youwillbepreventing
theusersfrommodifyinganythingelseontheotherzones.
QUESTIONNO:8
YourcompanyhasanActiveDirectorydomain.AllserversrunWindows
Server2008R2.YourcompanyusesanEnterpriseRootcertificateauthority
(CA).Youneedtoensurethatrevokedcertificateinformationishighly
available.Whatshouldyoudo?
A.ImplementanOnlineCertificateStatusProtocol(OCSP)responderby
usinganInternetSecurityandAccelerationServerarray.
B.Publishthetrustedcertificateauthoritieslisttothedomainbyusinga
GroupPolicyObject(GPO).
C.ImplementanOnlineCertificateStatusProtocol(OCSP)responderby
usingNetworkLoadBalancing.
D.CreateanewGroupPolicyObject(GPO)thatallowsuserstotrustpeer
certificates.LinktheGPOtothedomain.
Answer:C
Explanation:
To ensure that the revoked certificate information is available at all, you
should use the network load balancing and publish an OCSP responder.
OCSP is an online responder that can receive a request to check for
revocation of a certificate without the client having to download the entire
CRL. This process speeds up certificate revocation checking and reduces
network bandwidth used for this process. This can be helpful especially
whensuchcheckingisdownoverslowWANlinks.
QUESTIONNO:9
YouhavetwoserversnamedServer1andServer2.Bothserversrun
4/16
7/15/2015
WindowsServer2008R2.Server1isconfiguredasanenterpriseroot
certificationauthority(CA).YouinstalltheOnlineResponderroleserviceon
Server2.YouneedtoconfigureServer1tosupporttheOnlineResponder.
Whatshouldyoudo?
A.ImporttheenterpriserootCAcertificate.
B.ConfiguretheCertificateRevocationListDistributionPointextension.
C.ConfiguretheAuthorityInformationAccess(AIA)extension.
D.AddtheServer2computeraccounttotheCertPublishersgroup.
Answer:C
Explanation:
ToconfigureonlineresponderroleserviceonS1,youshouldconfigureAIA
extension.Theauthorityinformationaccessextensionindicateshowto
accessCAinformationandservicesfortheissuerofthecertificateinwhich
theextensionappears.Informationandservicesmayincludeonline
validationservicesandCApolicydata.(ThelocationofCRLsisnot
specifiedinthisextensionthatinformationisprovidedbythe
cRLDistributionPointsextension.)Thisextensionmaybeincludedin
subjectorCAcertificates,anditMUSTbenoncritical.
QUESTIONNO:10
YourcompanyhasanActiveDirectorydomain.Auserattemptstologonto
acomputerthatwasturnedofffortwelveweeks.Theadministratorreceives
anerrormessagethatauthenticationhasfailed.Youneedtoensurethatthe
userisabletologontothecomputer.Whatshouldyoudo?
A.Runthenetshcommandwiththesetandmachineoptions.
B.Resetthecomputeraccount.Disjointhecomputerfromthedomain,and
thenrejointhecomputertothedomain.
C.RunthenetdomTRUST/resetcommand.
D.RuntheActiveDirectoryUsersandComputersconsoletodisable,and
thenenablethecomputeraccount.
Answer:B
Explanation:
Toensurethattheadministratorcanlogontothecomputer,youshould
disjointhecomputerfromthedomainandrejoinitagain.Resetthe
computeraccounttoo.Duetolonginactivity,thecomputerwasnot
respondingtotheauthenticationqueryusingtheActiveDirectoryrecords.
Sowhenyoudisjoinandrejointhecomputertothedomainandresetthe
computeraccount,theActiveDirectoryrefreshesthecomputeraccount
password.Afterthattheadministratorcaneasilylogontothecomputer.
QUESTIONNO:11
YourcompanyhasanActiveDirectoryforestthatcontainsasingledomain.
ThedomainmemberserverhasanActiveDirectoryFederationServices
(ADFS)roleinstalled.YouneedtoconfigureADFStoensurethatADFS
tokenscontaininformationfromtheActiveDirectorydomain.Whatshould
youdo?
A.Addandconfigureanewaccountpartner.
B.Addandconfigureanewresourcepartner.
C.Addandconfigureanewaccountstore.
D.AddandconfigureaClaimsawareapplication.
Answer:C
Explanation:
ToconfiguretheADFStrustpolicytopopulateADFStokenswith
employee'sinformationfromActivedirectorydomain,youneedtoaddand
configureanewaccountstore.
5/16
7/15/2015
ADFSallowsthesecuresharingofidentityinformationbetweentrusted
businesspartnersacrossanextranet.WhenauserneedstoaccessaWeb
applicationfromoneofitsfederationpartners,theuser'sownorganization
isresponsibleforauthenticatingtheuserandprovidingidentity
informationintheformof"claims"tothepartnerthathoststheWeb
application.Thehostingpartnerusesitstrustpolicytomaptheincoming
claimstoclaimsthatareunderstoodbyitsWebapplication,whichusesthe
claimstomakeauthorizationdecisions.Becauseclaimsoriginatefroman
accountstore,youneedtoconfigureaccountstoretoconfiguretheADFS
trustpolicy.
QUESTIONNO:12
YounetworkconsistsofasingleActiveDirectorydomain.Alldomain
controllersrunWindowsServer2008R2.YouneedtoresettheDirectory
ServicesRestoreMode(DSRM)passwordonadomaincontroller.
Whattoolshouldyouuse?
A.ActiveDirectoryUsersandComputerssnapin
B.ntdsutil
C.LocalUsersandGroupssnapin
D.dsmod
Answer:B
Explanation:
ToresettheDSRMpasswordonasingledomaincontroller,youshoulduse
ntdsutilutility.YoucanuseNtdsutil.exetoresetthispasswordfortheserver
onwhichyouareworking,orforanotherdomaincontrollerinthedomain.
Type ntdsutil and at the ntdsutil command prompt, type set dsrm
password.
QUESTIONNO:13
Yourcompanyhasamainofficeandabranchoffice.Youdeployareadonly
domaincontroller(RODC)thatrunsMicrosoftWindowsServer2008tothe
branchoffice.Youneedtoensurethatusersatthebranchofficeareableto
logontothedomainbyusingtheRODC.Whatshouldyoudo?
A.AddanotherRODCtothebranchoffice.
B.Configureanewbridgeheadserverinthemainoffice.
C.Decreasethereplicationintervalforallconnectionobjectsbyusingthe
ActiveDirectorySitesandServicesconsole.
D.ConfigurethePasswordReplicationPolicyontheRODC.
Answer:D
Explanation:
Toensurethattheusersatthebranchofficecanlogontothedomainusing
RODC, you should use a Password Replication Policy. RODCs don't cache
any user or machine passwords. You can change this by adding a policy
through each RODC's unique Password Replication Policy (PRP). A policy
wouldcreateagroupforeachbranchofficewithaRODCandaddusersin
that branch office. An administrator, then, can allow password replication
forthebranchofficegroup.
QUESTIONNO:14
Your company has a single Active Directory domain named
intranet.adatum.com. The domain controllers run Windows Server 2008
and the DNS server role. All computers, including nondomain members,
dynamically register their DNS records. You need to configure the
intranet.adatum.com zone to allow only domain members to dynamically
6/16
7/15/2015
registerDNSrecords.Whatshouldyoudo?
A.SetdynamicupdatestoSecureOnly.
B.RemovetheAuthenticatedUsersgroup.
C.EnablezonetransferstoNameServers.
D.DenytheEveryonegrouptheCreateAllChildObjectspermission.
Answer:A
Explanation:
To make sure only the domain members are able to register their DNS
recordsdynamically,settheoptionSecureonly for Dynamic updates. This
willletonlythedomainmemberstoregistertheirDNSrecordsdynamically.
QUESTIONNO:15
Your network consists of a single Active Directory domain. All domain
controllers run Windows Server 2008 R2 and are configured as DNS
servers. A domain controller named DC1 has a standard primary zone for
contoso.com. A domain controller named DC2 has a standard secondary
zone for contoso.com. You need to ensure that the replication of the
contoso.com zone is encrypted. You must not lose any zone data. What
shouldyoudo?
A.ConverttheprimaryzoneintoanActiveDirectoryintegratedstubzone.
Deletethesecondaryzone.
B.ConverttheprimaryzoneintoanActiveDirectoryintegratedzone.Delete
thesecondaryzone.
C.Configurethezonetransfersettingsofthestandardprimaryzone.Modify
theMasterServerslistsonthesecondaryzone.
D.Onbothservers,modifytheinterfacethattheDNSserverlistenson.
Answer:B
Explanation:
Tomakesurethatthereplicationofthecontoso.comzoneisencryptedto
preventdataloss,youshouldconverttheprimaryzoneintoanactive
directoryzoneanddeletethesecondaryzone.
QUESTIONNO:16
Youaredecommissioningdomaincontrollersthatholdallforestwide
operationsmasterroles.Youneedtotransferallforestwideoperations
masterrolestoanotherdomaincontroller.Whichtworolesshouldyou
transfer?(Eachcorrectanswerpresentspartofthesolution.Choosetwo.)
A.Domainnamingmaster
B.Infrastructuremaster
C.RIDmaster
D.PDCemulator
E.Schemamaster
Answer:A,E
Explanation:
Totransferallforestwideoperationmasterrolestoanotherdomain,you
shouldtransferDomainnamingmasterandSchemamaster.Schema
Master:Theschemamasterdomaincontrollercontrolsallupdatesand
modificationstotheschema.Toupdatetheschemaofaforest,youmust
haveaccesstotheschemamaster.
Therecanbeonlyoneschemamasterinthewholeforest.Domainnaming
master:Thedomainnamingmasterdomaincontrollercontrolstheaddition
orremovalofdomainsintheforest.Therecanbeonlyonedomainnaming
masterinthewholeforest.
QUESTIONNO:17
Contoso, Ltd. has an Active Directory domain named ad.contoso.com.
7/16
7/15/2015
Fabrikam, Inc. has an Active Directory domain named

intranet.fabrikam.com. Fabrikam's security policy prohibits the transfer of
internal DNS zone data outside the Fabrikam network. You need to ensure
that the Contoso users are able to resolve names from the
intranet.fabrikam.comdomain.Whatshouldyoudo?
A.Createanewstubzonefortheintranet.fabrikam.comdomain.
B.Configureconditionalforwardingfortheintranet.fabrikam.comdomain.
C.Createastandardsecondaryzonefortheintranet.fabrikam.comdomain.
D.CreateanActiveDirectoryCintegratedzonefortheintranet.fabrikam.com
domain.
Answer:B
Explanation:
To enable a fabrikam.com user to resolve names from
intranet.fabrikam.com domain, you should set the conditional forwarding
for the intranet.fabrikam.com domain. A conditional forwarding is a DNS
query setting that enables a DNS server to route a request for a particular
nametoanotherDNSserverbyspecifyinganameandIPaddress.
QUESTIONNO:18
AnActiveDirectorydatabaseisinstalledontheCvolumeofadomain
controller.YouneedtomovetheActiveDirectorydatabasetoanewvolume.
Whatshouldyoudo?
A.Copythentds.ditfiletothenewvolumebyusingtheROBOCOPY
command.
B.Movethentds.ditfiletothenewvolumebyusingWindowsExplorer.
C.Movethentds.ditfiletothenewvolumebyrunningtheMoveitem
commandinMicrosoftWindowsPowerShell.
D.Movethentds.ditfiletothenewvolumebyusingtheFilesoptioninthe
Ntdsutilutility.
Answer:D
Explanation:
TomovetheActiveDirectorydatabasetoanewvolume,youshouldmove
thentds.ditfiletothenewvolumebyopeningtheFilesoptioninthentdsutil
utility.UseNtdsutil.exetomovethedatabasefile,thelogfiles,orbothtoa
largerexistingpartition.IfyouarenotusingNtdsutil.exewhenmovingfiles
toadifferentpartition,youwillneedtomanuallyupdatetheregistry.
QUESTIONNO:19
Yourcompanyhasfileserverslocatedinanorganizationalunitnamed
Payroll.Thefileserverscontainpayrollfileslocatedinafoldernamed
Payroll.YoucreateaGPO.Youneedtotrackwhichemployeesaccessthe
Payrollfilesonthefileservers.Whatshouldyoudo?
A.EnabletheAuditprocesstrackingoption.LinktheGPOtothe
DomainControllersorganizationalunit.Onthefileservers,configure
AuditingfortheAuthenticatedUsersgroupinthePayrollfolder.
B.EnabletheAuditobjectaccessoption.LinktheGPOtothePayroll
organizationalunit.Onthefileservers,configureAuditingfortheEveryone
groupinthePayrollfolder.
C.EnabletheAuditprocesstrackingoption.LinktheGPOtothePayroll
organizationalunit.Onthefileservers,configureAuditingfortheEveryone
D.EnabletheAuditobjectaccessoption.LinktheGPOtothedomain.On
thedomaincontrollers,configureAuditingfortheAuthenticatedUsers
8/16
7/15/2015
Answer:B
QUESTIONNO:20
YourcompanyusesaWindows2008Enterprisecertificateauthority(CA)to
issuecertificates.Youneedtoimplementkeyarchival.Whatshouldyoudo?
A.Configurethecertificateforautomaticenrollmentforthecomputersthat
storeencryptedfiles.
B.InstallanEnterpriseSubordinateCAandissueausercertificatetousers
oftheencryptedfiles.
C.ApplytheHisecdcsecuritytemplatetothedomaincontrollers.
D.Archivetheprivatekeyontheserver.
Answer:D
QUESTIONNO:21
YourcompanyhasanActiveDirectorydomainthatrunsWindowsServer
2008R2.TheSalesOUcontainsanOUforComputers,anOUforGroups,
andanOUforUsers.Youperformnightlybackups.Anadministrator
deletestheGroupsOU.YouneedtorestoretheGroupsOUwithoutaffecting
usersandcomputersintheSalesOU.Whatshouldyoudo?
A.PerformanauthoritativerestoreoftheSalesOU.
B.PerformanonauthoritativerestoreoftheSalesOU.
C.PerformanauthoritativerestoreoftheGroupsOU.
D.PerformanonauthoritativerestoreoftheGroupsOU.
Answer:C
QUESTIONNO:22
YournetworkconsistsofasingleActiveDirectorydomain.Thefunctional
leveloftheforestisWindowsServer2008R2.Youneedtocreatemultiple
passwordpoliciesforusersinyourdomain.Whatshouldyoudo?
A.FromtheGroupPolicyManagementsnapin,createmultipleGroup
Policyobjects.
B.FromtheSchemasnapin,createmultipleclassschemaobjects.
C.FromtheADSIEditsnapin,createmultiplePasswordSettingobjects.
D.FromtheSecurityConfigurationWizard,createmultiplesecurity
policies.
Answer:C
QUESTIONNO:23
YouhaveadomaincontrollerthatrunsWindowsServer2008R2andis
configuredasaDNSserver.YouneedtorecordallinboundDNSqueriesto
theserver.WhatshouldyouconfigureintheDNSManagerconsole?
A.Enabledebuglogging.
B.Enableautomatictestingforsimplequeries.
C.Configureeventloggingtologerrorsandwarnings.
D.Enableautomatictestingforrecursivequeries.
Answer:A
QUESTIONNO:24
Your company has a main office and a branch office. The company has a
singledomain Active Directory forest. The main office has two domain
controllersnamedDC1andDC2thatrunWindowsServer2008R2.The
branch office has a Windows Server 2008 R2 readonly domain controller
(RODC) named DC3. All domain controllers hold the DNS Server role and
9/16
7/15/2015
are configured as Active Directoryintegrated zones. The DNS zones only

allow secure updates. You need to enable dynamic DNS updates on DC3.
Whatshouldyoudo?
A.RuntheDnscmd.exe/ZoneResetTypecommandonDC3.
B.ReinstallActiveDirectoryDomainServicesonDC3asawritabledomain
controller.
C.CreateacustomapplicationdirectorypartitiononDC1.Configurethe
partitiontostoreActiveDirectoryintegratedzones.
D.RuntheNtdsutil.exe>DSBehaviorcommandsonDC3.
Answer:B
QUESTIONNO:25
YourcompanyhasanActiveDirectorydomainnamedad.contoso.com.The
domain has two domain controllers named DC1 and DC2. Both domain
controllershavetheDNSserverroleinstalled.
You install a new DNS server named DNS1.contoso.com on the perimeter
network. You configure DC1 to forward all unresolved name requests to
DNS1.contoso.com.
YoudiscoverthattheDNSforwardingoptionisunavailableonDC2.
YouneedtoconfigureDNSforwardingontheDC2servertopointtothe
DNS1.contoso.comserver.
A.CleartheDNScacheonDC2.
B.ConfigureconditionalforwardingonDC2.
C.ConfiguretheListenOnaddressonDC2.
D.DeletetheRootzoneonDC2.
Answer:B,D
QUESTIONNO:26
Your company has an organizational unit named Production. The
ProductionorganizationalunithasachildorganizationalunitnamedR&D.
YoucreateaGPOnamedSoftwareDeploymentandlinkittotheProduction
organizationalunit.
You create a shadow group for the R&D organizational unit. You need to
deployanapplicationtousersintheProductionorganizationalunit.
Youalsoneedtoensurethattheapplicationisnotdeployedtousersinthe
R&Dorganizationalunit.
What are two possible ways to achieve this goal? (Each correct answer
presentsacompletesolution.Choosetwo.)
A.ConfiguretheBlockInheritancesettingontheR&Dorganizationalunit.
B.ConfiguretheEnforcesettingonthesoftwaredeploymentGPO.
C.ConfiguresecurityfilteringontheSoftwareDeploymentGPOtoDeny
ApplygrouppolicyfortheR&Dsecuritygroup.
D.ConfiguretheBlockInheritancesettingontheProductionorganizational
unit.
Answer:A,C
QUESTIONNO:27
Your company has a branch office that is configured as a separate Active
Directory site and has an Active Directory domain controller. The Active
Directory site requires a local Global Catalog server to support a new
application.YouneedtoconfigurethedomaincontrollerasaGlobalCatalog
server.Whichtoolshouldyouuse?
A.TheServerManagerconsole
B.TheActiveDirectorySitesandServicesconsole
10/16
7/15/2015
C.TheDcpromo.exeutility
D.TheComputerManagementconsole
E.TheActiveDirectoryDomainsandTrustsconsole
Answer:B
QUESTIONNO:28
Yourcompanyhasamainofficeandthreebranchoffices.Thecompanyhas
an Active Directory forest that has a single domain. Each office has one
domaincontroller.Eachofficeisconfigured as an Active Directory site. All
sites are connected with the DEFAULTIPSITELINK object. You need to
decrease the replication latency between the domain controllers. What
shouldyoudo?
A.DecreasethereplicationschedulefortheDEFAULTIPSITELINKobject.
B.DecreasethereplicationintervalfortheDEFAULTIPSITELINKobject.
C.Decreasethecostbetweentheconnectionobjects.
D.Decreasethereplicationintervalforallconnectionobjects.
Answer:B
QUESTIONNO:29
Your company has two Active Directory forests named contoso.com and
fabrikam.com. Both forests run only domain controllers that run
Windows Server 2008. The domain functional level of contoso.com is
Windows Server 2008. The domain functional level of fabrikam.com is
WindowsServer2003Nativemode.Youconfigureanexternaltrustbetween
contoso.com and fabrikam.com. You need to enable the Kerberos AES
encryptionoption.Whatshouldyoudo?
A.Raisetheforestfunctionalleveloffabrikam.comtoWindowsServer
2008.
B.Raisethedomainfunctionalleveloffabrikam.comtoWindowsServer
2008.
C.Raisetheforestfunctionallevelofcontoso.comtoWindowsServer2008.
D.Createanewforesttrustandenableforestwideauthentication.
Answer:B
QUESTIONNO:30
All consultants belong to a global group named TempWorkers. You place
three file servers in a new organizational unit named SecureServers. The
three file servers contain confidential data located in shared folders. You
need to record any failed attempts made by the consultants to access the
confidential data. Which two actions should you perform? (Each correct
answerpresentspartofthesolution.Choosetwo.)
A.CreateandlinkanewGPOtotheSecureServersorganizationalunit.
ConfiguretheDenyaccesstothiscomputerfromthenetworkuserrights
settingfortheTempWorkersglobalgroup.
B.CreateandlinkanewGPOtotheSecureServersorganizationalunit.
ConfiguretheAuditprivilegeuseFailureauditpolicysetting.
C.CreateandlinkanewGPOtotheSecureServersorganizationalunit.
ConfiguretheAuditobjectaccessFailureauditpolicysetting.
D.Oneachsharedfolderonthethreefileservers,addthethreeserversto
theAuditingtab.ConfiguretheFailedFullcontrolsettingintheAuditing
Entrydialogbox.
E.Oneachsharedfolderonthethreefileservers,addtheTempWorkers
globalgrouptotheAuditingtab.ConfiguretheFailedFullcontrolsettingin
theAuditingEntrydialogbox.
Answer:C,E
11/16
7/15/2015
QUESTIONNO:31
YouhavetwoserversnamedServer1andServer2.Bothserversrun
WindowsServer2008R2.Server1isconfiguredasanEnterpriseRoot
certificationauthority(CA).YouinstalltheOnlineResponderroleserviceon
Server2.YouneedtoconfigureServer2toissuecertificaterevocationlists
(CRLs)fortheenterpriserootCA.Whichtwotasksshouldyouperform?
(Eachcorrectanswerpresentspartofthesolution.Choosetwo.)
A.ImporttheenterpriserootCAcertificate.
B.ImporttheOCSPResponseSigningcertificate.
C.AddtheServer1computeraccounttotheCertPublishersgroup.
D.SettheStartupTypeoftheCertificatePropagationservicetoAutomatic.
Answer:A,B
QUESTIONNO:32
YourcompanyhasanActiveDirectoryforest.Theforestincludes
organizationalunitscorrespondingtothefollowingfourlocations:
London
Chicago
NewYork
India
EachlocationhasachildorganizationalunitnamedSales.TheSales
organizationalunitcontainsalltheusersandcomputersfromthesales
department.
TheofficesinLondon,Chicago,andNewYorkareconnectedbyT1
connections.TheofficeinIndiaisconnectedbya256KbpsISDN
connection.
Youneedtoinstallanapplicationonallthecomputersinthesales
department.
A.CreateaGroupPolicyObject(GPO)namedOfficeInstallthatassignsthe
applicationtousers.LinktheGPOtoeachSalesorganizationalunit.
B.DisabletheslowlinkdetectionsettingintheGroupPolicyObject(GPO).
C.Configuretheslowlinkdetectionthresholdsettingto1,544Kbps(T1)in
theGroupPolicyObject(GPO).
D.CreateaGroupPolicyObject(GPO)namedOfficeInstallthatassignsthe
applicationtothecomputers.LinktheGPOtoeachSalesorganizational
unit.
Answer:B,D
QUESTIONNO:33
YourcompanyhasadomaincontrollerserverthatrunstheWindowsServer
2008R2operatingsystem.Theserverisabackupserver.Theserverhas
asingle500GBharddiskthathasthreepartitionsfortheoperatingsystem,
applications,anddata.Youperformdailybackupsoftheserver.
Theharddiskfails.Youreplacetheharddiskwithanewharddiskofthe
samecapacity.Yourestartthecomputerontheinstallationmedia.You
selecttheRepairyourcomputeroption.
Youneedtorestoretheoperatingsystemandallfiles.
Whatshouldyoudo?
A.SelecttheSystemImageRecoveryoption.
B.RuntheImagexutilityatthecommandprompt.
C.RuntheWbadminutilityatthecommandprompt.
D.RuntheRollbackutilityatthecommandprompt.
Answer:C
12/16
7/15/2015
QUESTIONNO:34
YouneedtoremovetheActiveDirectoryDomainServicesrolefroma
domaincontrollernamedDC1.Whatshouldyoudo?
A.RunthenetdomremoveDC1command.
B.RuntheDcpromoutility.RemovetheActiveDirectoryDomainServices
role.
C.Runthenltest/remove_server:DC1command.
D.ResettheDomainControllercomputeraccountbyusingtheActive
DirectoryUsersandComputersutility.
Answer:B
QUESTIONNO:35
Your company has an Active Directory forest. The company has branch
officesinthreelocations.Eachlocationhasanorganizationalunit.Youneed
toensurethatthebranchofficeadministratorsareabletocreateandapply
GPOs only to their respective organizational units. Which two actions
should you perform? (Each correct answer presents part of the solution.
Choosetwo.)
A.RuntheDelegationofControlwizardanddelegatetherighttolinkGPOs
fortheirbranchorganizationalunitstothebranchofficeadministrators.
B.AddtheuseraccountsofthebranchofficeadministratorstotheGroup
PolicyCreatorOwnersGroup.
C.ModifytheManagedBytabineachorganizationalunittoaddthebranch
officeadministratorstotheirrespectiveorganizationalunits.
D.RuntheDelegationofControlwizardanddelegatetherighttolinkGPOs
forthedomaintothebranchofficeadministrators.
Answer:A,B
QUESTIONNO:36
YourcompanyhasanActiveDirectorydomain.Auserattemptstologonto
thedomainfromaclientcomputerandreceivesthefollowingmessage:
"Thisuseraccounthasexpired.Askyouradministratortoreactivatethe
account."Youneedtoensurethattheuserisabletologontothedomain.
Whatshouldyoudo?
A.Modifythepropertiesoftheuseraccounttosettheaccounttonever
expire.
B.ModifythepropertiesoftheuseraccounttoextendtheLogonHours
setting.
C.Modifythedefaultdomainpolicytodecreasetheaccountlockout
duration.
D.Modifythepropertiesoftheuseraccounttosetthepasswordtonever
expire.
Answer:A
QUESTIONNO:37
YouhaveanexistingActiveDirectorysitenamedSite1.Youcreateanew
ActiveDirectorysiteandnameitSite2.
YouneedtoconfigureActiveDirectoryreplicationbetweenSite1andSite2.
Youinstallanewdomaincontroller.
YoucreatethesitelinkbetweenSite1andSite2.
Whatshouldyoudonext?
A.UsetheActiveDirectorySitesandServicesconsoletoassignanewIP
subnettoSite2.MovethenewdomaincontrollerobjecttoSite2.
B.UsetheActiveDirectorySitesandServicesconsoletoconfigureanew
13/16
7/15/2015
sitelinkbridgeobject.
C.UsetheActiveDirectorySitesandServicesconsoletodecreasethesite
linkcostbetweenSite1andSite2.
D.UsetheActiveDirectorySitesandServicesconsoletoconfigurethenew
domaincontrollerasapreferredbridgeheadserverforSite1.
Answer:A
QUESTIONNO:38
Your company has an Active Directory forest. Each branch office has an
organizationalunitandachildorganizational unit named Sales. The Sales
organizational unit contains all users and computers of the sales
department. You need to install an Office 2007 application only on the
computers in the Sales organizational unit. You create a GPO named
SalesAppGPO.Whatshouldyoudonext?
A.ConfiguretheGPOtoassigntheapplicationtothecomputeraccount.
LinktheSalesAPPGPOtotheSalesorganizationalunitineachlocation.
B.ConfiguretheGPOtoassigntheapplicationtothecomputeraccount.
LinktheSalesAPPGPOtothedomain.
C.ConfiguretheGPOtopublishtheapplicationtotheuseraccount.Link
theSalesAPPGPOtotheSalesorganizationalunitineachlocation.
D.ConfiguretheGPOtoassigntheapplicationtotheuseraccount.Linkthe
SalesAPPGPOtotheSalesorganizationalunitineachlocation.
Answer:A
QUESTIONNO:39
Your network consists of an Active Directory forest that contains one
domain.All domaincontrollersrunWindowsServer2008R2andare
configuredasDNSservers.YouhaveanActiveDirectoryintegratedzone.
You have two Active Directory sites. Each site contains five domain
controllers.
YouaddanewNSrecordtothezone.
Youneedtoensurethatalldomaincontrollersimmediatelyreceivethenew
NSrecord.
Whatshouldyoudo?
A.FromtheDNSManagerconsole,reloadthezone.
B.FromtheDNSManagerconsole,increasetheversionnumberoftheSOA
record.
C.Fromthecommandprompt,runrepadmin/syncall.
D.FromtheServicessnapin,restarttheDNSServerservice.
Answer:C
QUESTIONNO:40
Your company has a single Active Directory domain named
intranet.contoso.com.AlldomaincontrollersrunWindowsServer2008R2.
The domain functional level is Windows 2000 native and the forest
functionallevelisWindows2000.
YouneedtoensuretheUPNsuffixforcontoso.comisavailableforuser
accounts.
Whatshouldyoudofirst?
A.Raisetheintranet.contoso.comforestfunctionalleveltoWindowsServer
2003orhigher.
B.Raisetheintranet.contoso.comdomainfunctionalleveltoWindows
Server2003orhigher.
C.AddthenewUPNsuffixtotheforest.
14/16
7/15/2015
D.ChangethePrimaryDNSSuffixoptionintheDefaultDomain
ControllersGroupPolicyObject(GPO)tocontoso.com.
Answer:C
QUESTIONNO:41
You have a Windows Server 2008 R2 Enterprise Root CA . Security policy
preventsport443andport80frombeingopenedondomaincontrollersand
ontheissuingCA.
You need to allow users to request certificates from a Web interface. You
installtheActiveDirectoryCertificateServices(ADCS)serverrole.
Whatshouldyoudonext?
A.ConfiguretheOnlineResponderRoleServiceonamemberserver.
B.ConfiguretheOnlineResponderRoleServiceonadomaincontroller.
C.ConfiguretheCertificateEnrollmentWebServiceroleserviceona
memberserver.
D.ConfiguretheCertificateEnrollmentWebServiceroleserviceona
domaincontroller.
Answer:C
Postedbymohanmoneat1:17AM
Recommend this on Google
Labels:AD,Certifications,Microsoft
Nocomments:
PostaComment
Enteryourcomment...
Commentas:
Publish
GoogleAccount
Preview
NewerPost
Home
OlderPost
Subscribeto:PostComments(Atom)
ADD
High
performance
Labels
Compute
supermicro.com
1Y0A20(1)
TwinPro,
FatTwin,GPU,
70290(1)
2UTwin
Industrys
ActiveDirectory(4)
Broadest
Selection
AD(7)
Backup(1)
15/16
7/15/2015
CCA(2)
Certifications(21)
CISCO(1)
Citrix(5)
CompTIA(1)
database(2)
DHCP(1)
DUMPS(29)
EX0100(1)
intreview(24)
ITIL(20)
JAVA(1)
Microsoft(20)
Oracle(2)
OracleSolaris(4)
Q&A(1)
RedHats(4)
SAN(5)
SQL(1)
SUSELinux(3)
systemAdmin(2)
V3(3)
VCA(1)
VCA410DT(1)
Veritas(1)
VMWARE(9)
VMwareCertifiedAssociateDesktop(1)
WINDOWS2003(19)
Windowsserver(17)
Simpletemplate.Templateimagesbyluoman.PoweredbyBlogger.
16/16

Dumps For Online Exam - Scenario Based AD Interview Questions and Answers - Microsoft 70-640 Exam PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Dumps For Online Exam - Scenario Based AD Interview Questions and Answers - Microsoft 70-640 Exam PDF

Uploaded by

Copyright:

Available Formats

7/15/2015

ICICI Lombard Online

Fabrikam, Inc. has an Active Directory domain named

are configured as Active Directoryintegrated zones. The DNS zones only

You might also like