It is more faster and easier to pass the by using . Immediate access to the and find the same core area with professionally verified answers, then PASS your exam with a high score now.

Free 70-640 Demo Online For Microsoft Certifitcation:

NEW QUESTION 1
Your network contains two forests named adatum.com and litwareinc.com. The functional level of all the domains is Windows Server 2003. The functional level of both forests is Windows 2000.
You need to create a forest trust between adatum.com and litwareinc.com.
What should you do first?

  • A. Create an external trus
  • B. Raise the functional level of both forest
  • C. Configure SID filterin
  • D. Raise the functional level of all the domain

Answer: B

Explanation:
http://technet.microsoft.com/en-us/library/cc771397.aspx
When to create a forest trust
You can create a forest trust between forest root domains if the forest functional level is Windows Server 2003 or higher.

NEW QUESTION 2
Your network contains an Active Directory domain. The domain is configured as shown in the exhibit. (Click the Exhibit button.)
70-640 dumps exhibit
Each organizational unit (OU) contains over 500 user accounts.
The Finance OU and the Human Resources OU contain several user accounts that are members of a universal group named Group1.
You have a Group Policy object (GPO) linked to the domain.
You need to prevent the GPO from being applied to the members of Group1 only.
What should you do?

  • A. Modify the Group Policy permission
  • B. Enable block inheritanc
  • C. Configure the link orde
  • D. Enable loopback processing in merge mod
  • E. Enable loopback processing in replace mod
  • F. Configure WMI filterin
  • G. Configure Restricted Group
  • H. Configure Group Policy PExplanation
  • I. Link the GPO to the Finance O
  • J. Link the GPO to the Human Resources O

Answer: A

Explanation:
MS Press - Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) page 285, 286
Using Security Filtering to Modify GPO Scope
By now, you’ve learned that you can link a GPO to a site, domain, or OU. However, you might need to apply GPOs only to certain groups of users or computers rather than to all users or computers within the scope of the GPO. Although you cannot directly link a GPO to a security group, there is a way to apply GPOs to specific security groups. The policies in a GPO apply only to users who have Allow Read and Allow Apply Group Policy permissions to the GPO.
Each GPO has an access control list (ACL) that defines permissions to the GPO. Two permissions, Allow Read and Allow Apply Group Policy, are required for a GPO to apply to a user or computer. If a GPO is scoped to a computer (for example, by its link to the computer’s OU), but the computer does not have Read and Apply Group Policy permissions, it will not download and apply the GPO. Therefore, by setting the appropriate permissions for security groups, you can filter a GPO so that its settings apply only to the computers and users you specify.
Filtering a GPO to Apply to Specific Groups
To apply a GPO to a specific security group, perform the following steps:
4. Select the GPO in the Group Policy Objects container in the console tree.
5. In the Security Filtering section, select the Authenticated Users group and click Remove.
6. Click OK to confirm the change.
7. Click Add.
8. Select the group to which you want the policy to apply and click OK.

NEW QUESTION 3
Your network contains an Active Directory domain named fabrikam.com. The domain has one Active Directory site.
The domain contains an organizational unit (OU) named SalesOU. SalesOU contains all of the user accounts for the sales department. Some of the sales users are temporary employees.
You apply a Group Policy object (GPO) named SalesGPO to SalesOU.
You need to prevent SalesGPO from being applied to the temporary sales employees. All other sales employees must have SalesGPO applied to them.
What should you do?

  • A. Configure the permissions on the user accounts of the temporary sales employee
  • B. Configure the permissions of SalesGP
  • C. Link SalesGPO to the site and remove the link for SalesGPO from SalesO
  • D. Disable the computer configurations of SalesGP

Answer: B

NEW QUESTION 4
You have a domain controller named Server1 that runs Windows Server 2008 R2.
You need to determine the size of the Active Directory database on Server1.
What should you do?

  • A. Run the Active Directory Sizer too
  • B. Run the Active Directory Diagnostics data collector se
  • C. From Windows Explorer, view the properties of the %systemroot%\ntds\ntds.dit fil
  • D. From Windows Explorer, view the properties of the %systemroot%\sysvol\domain folde

Answer: C

Explanation:
http://technet.microsoft.com/en-us/library/cc961761.aspx Directory Data Store Active Directory data is stored in the Ntds.dit ESE database file. Two copies of Ntds.dit are present in separate locations on a given domain controller: %SystemRoot%\NTDS\Ntds.dit This file stores the database that is in use on the domain controller. It contains the values for the domain and a replica of the values for the forest (the Configuration container data). %SystemRoot%\System32\Ntds.dit This file is the distribution copy of the default directory that is used when you promote a Windows 2000 – based computer to a domain controller. The availability of this file allows you to run the Active Directory Installation Wizard (Dcpromo.exe) without your having to use the Windows 2000 Server operating system CD. During the promotion process, Ntds.dit is copied from the %SystemRoot% \System32 directory into the %SystemRoot%\NTDS directory. Active Directory is then started from this new copy of the file, and replication updates the file from other domain controllers.

NEW QUESTION 5
As the Company administrator you had installed a read-only domain controller (RODC) server at remote location.
The remote location doesn't provide enough physical security for the server.
What should you do to allow administrative accounts to replicate authentication information to Read-Only Domain Controllers?

  • A. Remove any administrative accounts from RODC's group
  • B. Add administrative accounts to the domain Allowed RODC Password Replication group
  • C. Set the Deny on Receive as permission for administrative accounts on the RODC computer account Security tab for the Group Policy Object (GPO)
  • D. Configure a new Group Policy Object (GPO) with the Account Lockout settings enable
  • E. Link the GPO to the remote locatio
  • F. Activate the Read Allow and the Apply group policy Allow permissions for the administrators on the Security tab for the GP
  • G. None of the above

Answer: B

Explanation:
70-640 dumps exhibit
C:\Documents and Settings\usernwz1\Desktop\1.PNG
http://technet.microsoft.com/en-us/library/cc730883%28v=ws.10%29.aspx Password Replication Policy When you initially deploy an RODC, you must configure the Password Replication Policy on the writable domain controller that will be its replication partner. The Password Replication Policy acts as an access control list (ACL). It determines if an RODC should be permitted to cache a password. After the RODC receives an authenticated user or computer logon request, it refers to the Password Replication Policy to determine if the password for the account should be cached. The same account can then perform subsequent logons more efficiently. The Password Replication Policy lists the accounts that are permitted to be cached, and accounts that are explicitly denied from being cached. The list of user and computer accounts that are permitted to be cached does not imply that the RODC has necessarily cached the passwords for those accounts. An administrator can, for example, specify in advance any accounts that an RODC will cache. This way, the RODC can authenticate those accounts, even if the WAN link to the hub site is offline.
Password Replication Policy Allowed and Denied lists Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password Replication Group. These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added to the msDS-RevealOnDemandGroup and msDSNeverRevealGroup Active Directory attributes mentioned earlier. By default, the Allowed RODC Password Replication Group has no members. Also by default, the Allowed List attribute contains only the Allowed RODC Password Replication Group. By default, the Denied RODC Password Replication Group contains the following members: Enterprise Domain Controllers Enterprise Read-Only Domain Controllers Group Policy Creator Owners Domain Admins Cert Publishers Enterprise Admins Schema Admins Domain-wide krbtgt account By default, the Denied List attribute contains the following security principals, all of which are built-in groups: Denied RODC Password Replication Group Account Operators Server Operators Backup Operators Administrators The combination of the Allowed List and Denied List attributes for each RODC and the domain-wide Denied RODC Password Replication Group and Allowed RODC Password Replication Group give administrators great flexibility. They can decide precisely which accounts can be cached on specific RODCs. The following table summarizes the three possible administrative models for the Password Replication Policy.
70-640 dumps exhibit
C:\Documents and Settings\usernwz1\Desktop\1.PNG

NEW QUESTION 6
Your network contains an Active Directory domain named adatum.com. The functional level of the domain is Windows Server 2008. All domain controllers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.
You need to receive a notification when more than 50 Active Directory objects are deleted per second.
What should you do?

  • A. Run the Get-ADDomain cmdle
  • B. Run the dsget.exe comman
  • C. Run the ntdsutil.exe comman
  • D. Run the ocsetup.exe comman
  • E. Run the dsamain.exe comman
  • F. Run the eventcreate.exe comman
  • G. Create a Data Collector Set (DCS).
  • H. Create custom views from Event Viewe
  • I. Configure subscriptions from Event Viewe
  • J. Import the Active Directory module for Windows PowerShel

Answer: G

Explanation:
http://technet.microsoft.com/en-us/magazine/ff458614.aspx
Configure Windows Server 2008 to Notify you when Certain Events Occur
You can configure alerts to notify you when certain events occur or when certain performance thresholds are reached. You can send these alerts as network messages and as events that are logged in the application event log. You can also configure alerts to start applications and performance logs.
To configure an alert, follow these steps:
1. In Performance Monitor, under the Data Collector Sets node, right-click the User-Defined node in the left pane, point to New, and then choose Data Collector Set.
2. (...)
3. In the Performance Counters panel, select the first counter, and then use the Alert When Value Is text box to set the occasion when an alert for this counter is triggered. Alerts can be triggered when the counter is above or below a specific value. Select Above or Below, and then set the trigger value. The unit of measurement is whatever makes sense for the currently selected counter or counters. For example, to generate an alert if processor time is over 95 percent, select Over, and then type 95. Repeat this process to configure other counters you’ve selected.

NEW QUESTION 7
Your network contains an Active Directory domain. The domain contains several domain controllers.All domain controllers run Windows Server 2008 R2.
You need to restore the Default Domain Controllers Policy Group Policy object (GPO) to the Windows Server 2008 R2 default settings.
What should you do?

  • A. Run dcgpofix.exe /target:d
  • B. Run dcgpofix.exe /target:domai
  • C. Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe /syn
  • D. Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe /forc

Answer: A

Explanation:
http://technet.microsoft.com/en-us/library/hh875588.aspx
Dcgpofix Recreates the default Group Policy Objects (GPOs) for a domain.
Syntax
DCGPOFix [/ignoreschema] [/target: {Domain | DC | Both}] [/?]
/ignoreschema Ignores the version of the Active Directory. schema when you run this command. Otherwise, the command only works on the same schema version as the Windows version in which the command was shipped.
/target {Domain | DC | Both} Specifies which GPO to restore. You can restore the Default Domain Policy GPO, the Default Domain Controllers GPO, or both.
Examples
Restore the Default Domain Controllers Policy GPO to its original state. You will lose any changes that you have made to this GPO. dcgpofix /ignoreschema /target:DC

NEW QUESTION 8
HOTSPOT
Your network contains an Active Directory domain. The domain contains a domain
controller named DC1 that runs windows Server 2008 R2 Service Pack 1 (SP1).
You need to implement a central store for domain policy templates.
What should you do?
To answer, select the source content that should be copied to the destination folder in the
answer area.
70-640 dumps exhibit

    Answer:

    Explanation: 70-640 dumps exhibit

    NEW QUESTION 9
    Your network contains four domain controllers. The domain controllers are configured as shown in the following table.
    70-640 dumps exhibit
    All of the domain controllers are configured to host an Active Directory-integrated zone for their respective domain.
    A GlobalNames zone is deployed in the fabrikam.com forest.
    You add a canonical (CNAME) record named Server1 to the GlobalNames zone.
    You discover that users in the contoso.com forest cannot resolve the name Server1. The users in fabrikam.com can resolve the name Server1.
    You need to ensure that the contoso.com users can resolve names in the GlobalNames zone.
    What should you do? (Each correct answer presents part of the solution. Choose two.)

    • A. Run dnscmd.exe and specify the globalnamesqueryorder parameter on CONT-DC1 and CONT-DC2.
    • B. Add service location (SRV) records named _globalnames to the _msdcs.contoso.com zon
    • C. Run dnscmd.exe and specify the enableglobalnamessupport parameter on CONT-DC1 and CONT-DC2.
    • D. Run dnscmd.exe and specify the globalnamesqueryorder parameter on FABR-DC1 and FABR-DC2.
    • E. Run dnscmd.exe and specify the enableglobalnamessupport parameter on FABR-DC1 and FABR-DC2.
    • F. Add service location (SRV) records named _globalnames to the _msdcs.fabrikam.com zon

    Answer: BC

    NEW QUESTION 10
    Your company has two offices. The offices are located in Miami and London.
    The network contains an Active Directory forest named contoso.com. The forest contains two child domains named miami.contoso.com and london.contoso.com. The domain contains 50 domain controllers that run Windows Server 2008 R2. Each office is configured as an Active Directory site.
    The forest contains a custom attribute named SecurityAccessCode.
    You recently configured a domain controller named DC22 as a global catalog server.
    You need to verify that SecurityAccessCode is configured to replicate to DC22.
    What should you do?

    • A. Run the dsadd.exe command
    • B. Run the nltest.exe comman
    • C. Run the Set-AdDomain cmdle
    • D. Run the dsmove.exe comman
    • E. Run the dcpromo.exe comman
    • F. Run the Move-AdDirectoryServer cmdle
    • G. Use the Active Directory Schema snap-i
    • H. Use the Active Directory Users and Computers consol

    Answer: G

    NEW QUESTION 11
    Your company, Contoso Ltd, has offices in North America and Europe. Contoso has an Active Directory forest that has three domains.
    You need to reduce the time required to authenticate users from the labs.eu.contoso.com domain when they access resources in the eng.na.contoso.com domain.
    What should you do?

    • A. Decrease the replication interval for all Connection object
    • B. Decrease the replication interval for the DEFAULTIPSITELINK site lin
    • C. Set up a one-way shortcut trust from eng.na.contoso.com to labs.eu.contoso.co
    • D. Set up a one-way shortcut trust from labs.eu.contoso.com to eng.na.contoso.co

    Answer: C

    Explanation:
    http://technet.microsoft.com/en-us/library/cc754538.aspx
    Understanding When to Create a Shortcut Trust
    When to create a shortcut trust
    Shortcut trusts are one-way or two-way, transitive trusts that administrators can use to optimize the authentication process.
    Authentication requests must first travel a trust path between domain trees. In a complex forest this can take time, which you can reduce with shortcut trusts. A trust path is the series of domain trust relationships that authentication requests must traverse between any two domains. Shortcut trusts effectively shorten the path that authentication requests travel between domains that are located in two separate domain trees.
    Shortcut trusts are necessary when many users in a domain regularly log on to other domains in a forest.
    Using the following illustration as an example, you can form a shortcut trust between domain B and domain D, between domain A and domain 1, and so on.
    70-640 dumps exhibit
    C:\Documents and Settings\usernwz1\Desktop\1.PNG
    Using one-way trusts
    A one-way, shortcut trust that is established between two domains in separate domain trees can reduce the time that is necessary to fulfill authentication requests—but in only one direction. For example, when a oneway, shortcut trust is established between domain A and domain B, authentication requests that are made in domain A to domain B can use the new one-way trust path. However, authentication requests that are made in domain B to domain A must still travel the longer trust path.
    Using two-way trusts
    A two-way, shortcut trust that is established between two domains in separate domain trees reduces the time that is necessary to fulfill authentication requests that originate in either domain. For example, when a two-way trust is established between domain A and domain B, authentication requests that are made from either domain to the other domain can use the new, two-way trust path.

    NEW QUESTION 12
    Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.
    You need to receive a notification when more than 100 Active Directory objects are deleted per second.
    What should you do?

    • A. Create custom views from Event Viewe
    • B. Run the Get-ADForest cmdle
    • C. Run the ntdsutil.exe comman
    • D. Configure the Active Directory Diagnostics Data Collector Set (DCS).
    • E. Create a Data Collector Set (DCS).
    • F. Run the dsamain.exe comman
    • G. Run the dsquery.exe comman
    • H. Run the repadmin.exe comman
    • I. Configure subscriptions from Event Viewe
    • J. Run the eventcreate.exe comman

    Answer: E

    Explanation:
    http://technet.microsoft.com/en-us/magazine/ff458614.aspx
    Configure Windows Server 2008 to Notify you when Certain Events Occur
    You can configure alerts to notify you when certain events occur or when certain performance thresholds are reached. You can send these alerts as network messages and as events that are logged in the application event log. You can also configure alerts to start applications and performance logs.
    To configure an alert, follow these steps:
    1. In Performance Monitor, under the Data Collector Sets node, right-click the User-Defined node in the left pane, point to New, and then choose Data Collector Set.
    2. (...)
    3. In the Performance Counters panel, select the first counter, and then use the Alert When Value Is text box to set the occasion when an alert for this counter is triggered. Alerts can be triggered when the counter is above or below a specific value. Select Above or Below, and then set the trigger value. The unit of measurement is whatever makes sense for the currently selected counter or counters. For example, to generate an alert if processor time is over 95 percent, select Over, and then type 95. Repeat this process to configure other counters you’ve selected.

    NEW QUESTION 13
    Your network contains an Active Directory forest named contoso.com. The forest contains four child domains named east.contoso.com, west.contoso.com, south.contoso.com, and north.contoso.com.
    You need to create four new groups in the forest root domain. The groups must be configured as shown in the following table.
    70-640 dumps exhibit
    What should you do?
    To answer, drag the appropriate group type to the correct group name in the answer area.
    70-640 dumps exhibit

      Answer:

      Explanation: 70-640 dumps exhibit

      NEW QUESTION 14
      Your network contains a server that runs Windows Server 2008 R2. The server is configured as an enterprise root certification authority (CA).
      You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a manyto-one mapping.
      You revoke a certificate issued to an external partner. You need to prevent the external partner from accessing the Web site.
      What should you do?

      • A. Run certutil.exe -cr
      • B. Run certutil.exe -delke
      • C. From Active Directory Users and Computers, modify the membership of the IIS_IUSRS grou
      • D. From Active Directory Users and Computers, modify the Contact object for the external partne

      Answer: A

      Explanation:
      http://technet.microsoft.com/library/cc732443.aspx Certutil Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains. Verbs -CRL Publish new certificate revocation lists (CRLs) [or only delta CRLs] http://technet.microsoft.com/en-us/library/cc783835%28v=ws.10%29.aspx Requesting Offline Domain Controller Certificates (Advanced Certificate Enrollment and Management) If you have determined the keycontainername for a specific certificate, you can delete the key container with the following command. certutil.exe -delkey <KeyContainerName> The -delkey option is supported only with the Windows Server 2003 version of certutil. On Windows 2000, you must add a prefix to the commands. The prefix is the path you have copied the Windows Server 2003 version of certutil to. In this white paper, the %HOMEDRIVE%\W2K3AdmPak path is used.

      NEW QUESTION 15
      Your company has a single Active Directory domain. All domain controllers run Windows Server 2003.
      You install Windows Server 2008 R2 on a server.
      You need to add the new server as a domain controller in your domain.
      What should you do first?

      • A. On a domain controller run adprep /rodcpre
      • B. On the new server, run dcpromo /ad
      • C. On the new server, run dcpromo /createdcaccoun
      • D. On a domain controller, run adprep /forestpre

      Answer: D

      Explanation:
      http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9931e32f-6302-40f0-a7a1-2598a96cd0c1/ DC promotion and adprep/forestprep
      Q: I've tried to dcpromo a new Windows 2008 server installation to be a Domain Controller, running in an existing domain. I am informed that, first, I must run adprep/forestprep ("To install a domain controller into this Active Directory forest, you must first perpare the forest using "adprep/forestprep". The Adprep utility is available on the Windows Server 2008 installation media in the Windows\sources\adprep folder"
      A1:
      You can run adprep from an existing Windows Server 2003 domain controller. Copy the
      contents of the \sources\adprep folder from the Windows Server 2008 installation DVD to
      the schema master role holder and run Adprep from there.
      A2: to introduce the first W2K8 DC within an AD forest....
      (1) no AD forest exists yet:
      --> on the stand alone server execute: DCPROMO
      --> and provide the information needed
      (2) an W2K or W2K3 AD forest already exists:
      --> ADPREP /Forestprep on the w2k/w2k3 schema master (both w2k/w2k3 forests)
      --> ADPREP /rodcprep on the w2k3 domain master (only w2k3 forests)
      --> ADPREP /domainprep on the w2k3 infrastructure master (only w2k3 domains)
      --> ADPREP /domainprep /gpprep on the w2k infrastructure master (only w2k domains)
      --> on the stand alone server execute: DCPROMO
      --> and provide the information needed

      NEW QUESTION 16
      Your network contains an Active Directory forest named contoso.com.
      You need to identify whether a fine-grained password policy is applied to a specific group.
      Which tool should you use?

      • A. Active Directory Sites and Services
      • B. Active Directory Users and Computers
      • C. Security Configuration Wizard (SCW)
      • D. Local Security Policy

      Answer: A

      NEW QUESTION 17
      Domains provide which of the following functions?

      • A. Creating logical boundaries
      • B. Easing the administration of users, groups, computers, and other objects
      • C. Providing a central database of network objects
      • D. All of the above

      Answer: D

      Explanation:
      http://technet.microsoft.com/en-us/library/cc756901%28v=ws.10%29.aspx Active Directory Logical Structure Background Information Before you design your Active Directory logical structure, it is important to understand the Active Directory logical model. Active Directory is a distributed database that stores and manages information about network resources, as well as application-specific data from directory enabled applications. Active Directory allows administrators to organize elements of a network (such as users, computers, devices, and so on) into a hierarchical containment structure. The top-level container is the forest. Within forests are domains, and within domains are organizational units. This is called the logical model because it is independent of the physical aspects of the deployment, such as the number of domain controllers required within each domain and network topology. Figure 2.2 Relationship Between Active Directory Forests, Domains, and OUs.
      70-640 dumps exhibit
      C:\Documents and Settings\usernwz1\Desktop\1.PNG

      NEW QUESTION 18
      Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers.
      The servers are configured as shown in the following table.
      70-640 dumps exhibit
      You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service.
      Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

      • A. Configure the policy module setting
      • B. Configure the issuance requirements for the certificate template
      • C. Configure the Certificate Services Client - Certificate Enrollment Policy Group Policy settin
      • D. Configure the delegation settings for the Certificate Enrollment Web Service application pool accoun

      Answer: BD

      Explanation: Explanation 1:
      http://technet.microsoft.com/en-us/library/dd759245.aspx
      The Certificate Enrollment Web Service can process enrollment requests for new certificates and for certificate renewal. In both cases, the client computer submits the request to the Web service and the Web service submits the request to the certification authority (CA) on behalf of the client computer. For this reason, the Web service account must be trusted for delegation in order to present the client identity to the CA.
      Explanation 2: http://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx
      Delegation is required for the Certificate Enrollment Web Service account when all of the following are true: The CA is not on the same computer as the Certificate Enrollment Web Service Certificate Enrollment Web Service needs to be able to process initial enrollment requests, as opposed to only processing certificate renewal requeststhe authentication type is set to Windows Integrated Authentication or Client certificate authentication

      NEW QUESTION 19
      Your network contains an Active Directory domain named contoso.com.
      The Active Directory sites are configured as shown in the Sites exhibit. (Click the Exhibit button.)
      70-640 dumps exhibit
      You need to ensure that DC1 and DC4 are the only servers that replicate Active Directory changes between the sites.
      What should you do?

      • A. Configure DC1 as a preferred bridgehead server for IP transpor
      • B. Configure DC4 as a preferred bridgehead server for IP transpor
      • C. From the DC4 server object, create a Connection object for DC1.
      • D. From the DC1 server object, create a Connection object for DC4.

      Answer: A

      Explanation:
      MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) pages 193, 194
      Bridgehead Servers
      A bridgehead server is the domain controller designated by each site’s KCC to take control of intersite replication. The bridgehead server receives information replicated from other sites and replicates it to its site’s other domain controllers. It ensures that the greatest portion of replication occurs within sites rather than between them.
      In most cases, the KCC automatically decides which domain controller acts as the bridgehead server.
      However, you can use Active Directory Sites and Services to specify which domain controller will be the preferred bridgehead server by using the following steps:
      1. In Active Directory Sites and Services, expand the site in which you want to specify the preferred bridgehead server.
      2. Expand the Servers folder to locate the desired server, right-click it, and then choose Properties.
      3. From the list labeled Transports available for intersite data transfer, select the protocol(s) for which you want to designate this server as a preferred bridgehead server and then click add.

      100% Valid and Newest Version 70-640 Questions & Answers shared by Certleader, Get Full Dumps HERE: https://www.certleader.com/70-640-dumps.html (New 631 Q&As)