Microsoft 70-640 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
DRAG DROP
Your company has two domain controllers named DC1 and DC2. DC1 hosts all domain and forest operations master roles. DC1 fails.
You need to rebuild DC1 by reinstalling the operating system. You also need to roll back all operations master roles to their original state.
You perform a metadata cleanup and remove all references to DC1.
Which three actions should you perform next?
(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
[Exhibit image not available]

    Answer:

    Explanation: [Exhibit image not available]

    NEW QUESTION 2
    Your network contains an Active Directory domain named litwareinc.com. The domain contains two sites named Site1 and Site2. Site2 contains a read-only domain controller (RODC).
    You need to identify which user accounts attempted to authenticate to the RODC.
    Which tool should you use?

    • A. Repadmin
    • B. Get-ADAccountResultantPasswordReplicationPolicy
    • C. Active Directory Sites and Services
    • D. Get-ADFineGrainedPasswordPolicy

    Answer: A

    NEW QUESTION 3
    You create 200 new user accounts. The users are located in six different sites. New users report that they receive the following error message when they try to log on: "The username or password is incorrect." You confirm that the user accounts exist and are enabled. You also confirm that the user name and password information supplied are correct.
    You need to identify the cause of the failure. You also need to ensure that the new users are able to log on.
    Which utility should you run?

    • A. Active Directory Domains and Trusts
    • B. Repadmin
    • C. Rstools
    • D. Rsdiag

    Answer: B

    Explanation:
    http://technet.microsoft.com/en-us/library/cc770963.aspx
    Repadmin /replsummary: Identifies domain controllers that are failing inbound replication or outbound replication, and summarizes the results in a report.
    Repadmin /showrepl: Displays the replication status when the specified domain controller last attempted to perform inbound replication on Active Directory partitions.
    Repadmin /syncall: Synchronizes a specified domain controller with all replication partners.

    NEW QUESTION 4
    Your network contains an Active Directory forest named fabrikam.com. The forest contains the following domains:
    Fabrikam.com
    Eu.fabrikam.com
    Na.fabrikam.com
    Eu.contoso.com
    Na.contoso.com
    You need to configure the forest to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix of contoso.com when they create user accounts from Active Directory Users and Computers.
    Which tool should you use?

    • A. Active Directory Sites and Services
    • B. Set-ADDomain
    • C. Set-ADForest
    • D. Active Directory Administrative Center

    Answer: C

    Explanation:
    We would use the following command to achieve this:
    Set-ADForest -UPNSuffixes @{Add="contoso.com"}
    Reference 1:
    http://technet.microsoft.com/en-us/library/dd391925.aspx
    Creating a UPN Suffix for a Forest
    This topic explains how to use the Active Directory module for Windows PowerShell to create a new user principal name (UPN) suffix for the users in a forest. Creating an additional UPN suffix helps simplify the names that are used to log on to another domain in the forest.
    Example
    The following example demonstrates how to create a new UPN suffix for the users in the Fabrikam.com forest:
    Set-ADForest -UPNSuffixes @{Add="headquarters.fabrikam.com"}
    Reference 2:
    http://technet.microsoft.com/en-us/library/ee617221.aspx
    Set-ADForest
    Modifies an Active Directory forest.
    Parameter
    UPNSuffixes
    Modifies the list of user principal name (UPN) suffixes of the forest. This parameter sets the multi-valued msDS-UPNSuffixes property of the cross-reference container. This parameter uses the following syntax to add, remove, replace, or clear UPN suffix values.
    Syntax:
    To add values:
    -UPNSuffixes @{Add=value1,value2,...}

    NEW QUESTION 5
    Your network contains an Active Directory forest named contoso.com. The forest contains one domain. The domain contains three domain controllers. The domain controllers are configured as shown in the following table.
    [Exhibit image not available]
    DC2 fails and cannot be recovered.
    Several weeks later, administrators report that they can no longer create new users and groups in the domain.
    You need to ensure that the administrators can create new users and groups.
    What should you add?

    • A. the RID master role to DC3
    • B. the schema master role to DC1
    • C. the infrastructure master role to DC1
    • D. the domain naming master role to DC3

    Answer: A

    NEW QUESTION 6
    Your network contains an Active Directory forest named contoso.com.
    You need to identify whether a fine-grained password policy is applied to a specific group.
    Which tool should you use?

    • A. Active Directory Users and Computers
    • B. Security Configuration Wizard (SCW)
    • C. Group Policy Management Editor
    • D. Active Directory Sites and Services

    Answer: A

    NEW QUESTION 7
    You have an enterprise subordinate certification authority (CA).
    You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment.
    You increase the template key length to 2,048 bits.
    You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template.
    Which console should you use?

    • A. Group Policy Management MMC Snap-In
    • B. Certificates MMC Snap-In on the Certificate Authority
    • C. Certificate Templates MMC Snap-In
    • D. Certification Authority MMC Snap-In

    Answer: C

    Explanation:
    http://technet.microsoft.com/en-us/library/cc771246.aspx
    Re-Enroll All Certificate Holders
    This procedure is used when a critical change is made to the certificate template and you want all subjects that hold a certificate that is based on this template to re-enroll as quickly as possible. The next time the subject verifies the version of the certificate against the version of the template on the certification authority (CA), the subject will re-enroll.
    Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.
    To re-enroll all certificate holders
    1. Open the Certificate Templates snap-in.
    2. Right-click the template that you want to use, and then click Reenroll All Certificate Holders.

    NEW QUESTION 8
    Your company has a main office and a branch office. The branch office has an Active Directory site that contains a read-only domain controller (RODC).
    A user from the branch office reports that his account is locked out.
    From a writable domain controller in the main office, you discover that the user's account is not locked out. You need to ensure that the user can log on to the domain.
    What should you do?

    • A. Modify the Password Replication Policy
    • B. Reset the password of the user account
    • C. Run the Knowledge Consistency Checker (KCC) on the RODC
    • D. Restore network communication between the branch office and the main office

    Answer: D

    Explanation:
    Not sure if:
    Run the Knowledge Consistency Checker (KCC) on the RODC.
    or
    Restore network communication between the branch office and the main office.

    NEW QUESTION 9
    You need to deploy a read-only domain controller (RODC) that runs Windows Server 2008 R2.
    What is the minimal forest functional level that you should use?

    • A. Windows Server 2008 R2
    • B. Windows Server 2008
    • C. Windows Server 2003
    • D. Windows 2000

    Answer: C

    Explanation:
    http://technet.microsoft.com/en-us/library/cc731243.aspx
    Prerequisites for Deploying an RODC
    Complete the following prerequisites before you deploy a read-only domain controller (RODC):
    Ensure that the forest functional level is Windows Server 2003 or higher, so that linked-value replication (LVR) is available.

    NEW QUESTION 10
    You have an enterprise subordinate certification authority (CA).
    You have a custom Version 3 certificate template.
    Users can enroll for certificates based on the custom certificate template by using the
    Certificates console. The certificate template is unavailable for Web enrollment.
    You need to ensure that the certificate template is available on the Web enrollment pages.
    What should you do?

    • A. Run certutil.exe -pulse
    • B. Run certutil.exe -installcert
    • C. Change the certificate template to a Version 2 certificate template
    • D. On the certificate template, assign the Autoenroll permission to the users

    Answer: C

    Explanation:
    Identical to F/Q33.
    Reference 1:
    http://technet.microsoft.com/en-us/library/cc732517.aspx
    Certificate Web enrollment cannot be used with version 3 certificate templates.
    Reference 2:
    http://blogs.technet.com/b/ad/archive/2008/06/30/2008-web-enrollment-and-version-3-templates.aspx
    The reason for this blog post is that one of our customers called after noticing some unexpected behavior when they were trying to use the Server 2008 certificate web enrollment page to request a Version 3 Template based certificate. The problem was that no matter what they did the Version 3 Templates would not appear as certificates which could be requested via the web page. On the other hand, version 1 and 2 templates did appear in the page and requests could be done successfully using those templates.

    NEW QUESTION 11
    Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2.
    You need to ensure users are able to enroll new certificates.
    What should you do?

    • A. Renew the Certificate Revocation List (CRL) on the root CA
    • B. Copy the CRL to the CertEnroll folder on the issuing CA
    • C. Renew the Certificate Revocation List (CRL) on the issuing CA, Copy the CRL to the SystemCertificates folder in the users' profile
    • D. Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations
    • E. Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations

    Answer: A

    Explanation:
    http://social.technet.microsoft.com/wiki/contents/articles/2900.offline-root-certification-authority-ca.aspx
    Offline Root Certification Authority (CA)
    A root certification authority (CA) is the top of a public key infrastructure (PKI) and generates a self-signed certificate. This means that the root CA is validating itself (self-validating). This root CA could then have subordinate CAs that effectively trust it. The subordinate CAs receive a certificate signed by the root CA, so the subordinate CAs can issue certificates that are validated by the root CA. This establishes a CA hierarchy and trust path.
    CA Compromise
    If a root CA is in some way compromised (broken into, hacked, stolen, or accessed by an unauthorized or malicious person), then all of the certificates that were issued by that CA are also compromised. Since certificates are used for data protection, identification, and authorization, the compromise of a CA could compromise the security of an entire organizational network. For that reason, many organizations that run internal PKIs install their root CA offline. That is, the CA is never connected to the company network, which makes the root CA an offline root CA. Make sure that you keep all CAs in secure areas with limited access. To ensure the reliability of your CA infrastructure, specify that any root and non-issuing intermediate CAs must be offline. A non-issuing CA is one that is not expected to provide certificates to client computers, network devices, and so on. This minimizes the risk of the CA private keys becoming compromised, which would in turn compromise all the certificates that were issued by the CA.
    How Do Offline CAs issue certificates?
    Offline root CAs can issue certificates to removable media devices (e.g. floppy disk, USB drive, CD/DVD), which are then physically transported to the subordinate CAs that need the certificate in order to perform their tasks. If the subordinate CA is a non-issuing intermediate that is offline, then it will also be used to generate a certificate and that certificate will be placed on removable media. Each CA receives its authorization to issue certificates from the CA directly above it in the CA hierarchy. However, you can have multiple CAs at the same level of the CA hierarchy. Issuing CAs are typically online and used to issue certificates to client computers, network devices, mobile devices, and so on.
    Do not join offline CAs to an Active Directory Domain Services domain
    Since offline CAs should not be connected to a network, it does not make sense to join them to an Active Directory Domain Services (AD DS) domain, even with the Offline Domain Join option introduced with Windows 7 and Windows Server 2008 R2. Furthermore, installing an offline CA on a server that is a member of a domain can cause problems with a secure channel when you bring the CA back online after a long offline period. This is because the computer account password changes every 30 days. You can get around this problem and better protect your CA by making it a member of a workgroup, instead of a domain. Since Enterprise CAs need to be joined to an AD DS domain, do not attempt to install an offline CA as a Windows Server Enterprise CA.
    http://technet.microsoft.com/en-us/library/cc740209%28v=ws.10%29.aspx
    Renewing a certification authority
    A certification authority may need to be renewed for either of the following reasons:
    Change in the policy of certificates issued by the CA
    Expiration of the CA's issuing certificate

    NEW QUESTION 12
    Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named Server1 and Server2.
    DNS Manager on Server2 is shown in the exhibit. (Click the Exhibit button.)
    [Exhibit image not available]
    To answer, complete each statement according to the information presented in the exhibit. Each correct selection is worth one point.
    [Exhibit image not available]

      Answer:

      Explanation: [Exhibit image not available]

      NEW QUESTION 13
      Your network contains an Active Directory forest. The forest contains domain controllers that run Windows Server 2008 R2. The functional level of the forest is Windows Server 2003. The functional level of the domain is Windows Server 2008.
      From a domain controller, you need to perform an authoritative restore of an organizational unit (OU).
      What should you do first?

      • A. Raise the functional level of the forest
      • B. Modify the tombstone lifetime of the forest
      • C. Restore the system state
      • D. Raise the functional level of the domain

      Answer: C

      Explanation:
      The Recycle Bin feature cannot be applied here, see the reference below.
      Reference:
      Windows Server 2008 R2 Unleashed (SAMS, 2010) pages 1292 and 1297
      Active Directory Recycle Bin Recovery
      Let’s begin this section with a very clear statement: If you need to recover a deleted Active Directory object and the Active Directory Recycle Bin was not enabled before the object was deleted, skip this section and proceed to the “Active Directory Authoritative Restore” section.
      Active Directory Authoritative Restore
      When Active Directory has been modified and needs to be restored to a previous state, and this rollback needs to be replicated to all domain controllers in the domain and possibly the forest, an authoritative restore of Active Directory is required. An authoritative restore of Active Directory can include the entire Active Directory database, a single object, or a container, such as an organizational unit including all objects previously stored within the container. To perform an authoritative restore of Active Directory, perform the System State restore of a domain controller.

      NEW QUESTION 14
      Your network contains an Active Directory domain named contoso.com.
      The domain contains an enterprise certification authority (CA).
      You need to deploy certificates based on Version 1 templates to all of the computers in the domain. The solution must minimize administrative effort.
      You create a Group Policy object (GPO) named GPO1 and link the GPO to the domain.
      What should you do next?

      • A. In GPO1, configure Certificate Services Client - Certificate Enrollment Policy
      • B. Duplicate the template
      • C. In GPO1, configure Certificate Services Client - Auto-Enrollment
      • D. Duplicate the template
      • E. In GPO1, configure Automatic Certificate Request Settings
      • F. In GPO1, configure Certificate Services Client - Auto-Enrollment

      Answer: C

      Explanation:
      Automatic certificate request settings
      Certificate enrollment is the process of requesting, receiving, and installing a certificate. By using automatic certificate settings in public key policies, you can have computers that are associated with a Group Policy object (GPO) automatically enroll for certificates. This can save you the step of explicitly enrolling for computer-related certificates for each computer. After you establish an automatic certificate request, the actual certificate requests occur the next time the computers associated with the GPO log on to the network.
      Incorrect:
      Not A: Certificate enrollment policy provides the locations of certification authorities (CAs) and the types of certificates that can be requested. Organizations that are using Active Directory Domain Services (AD DS) can use Group Policy to provide certificate enrollment policy to domain members by using the Group Policy Management Console to configure the certificate enrollment policy settings. The Certificates snap-in can be used to configure certificate enrollment policy settings for individual client computers unless the Group Policy setting is configured to disable user-configured enrollment policy.

      NEW QUESTION 15
      Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1. DC1 has an IP address of 192.168.200.100.
      You need to identify the zone that contains the Pointer (PTR) record for DC1.
      Which zone should you identify?

      • A. adatum.com
      • B. _msdcs.adatum.com
      • C. 100.168.192.in-addr.arpa
      • D. 200.168.192.in-addr.arpa

      Answer: D

      Explanation:
      Reference 1:
      MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) page 57
      Reverse lookup: This occurs when a client computer knows the IP address of another computer and requires its hostname, which can be found in the DNS server’s PTR (pointer) resource record.
      Reference 2:
      MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) page 45/730
      You are configuring a reverse lookup zone for your network, which uses the Class C network address range of 192.168.5.0/24. Which of the following addresses should you use for the reverse lookup zone?
      a. 5.168.192.in-addr.arpa
      b. 0.5.168.192.in-addr.arpa
      c. 192.168.5.in-addr.arpa
      d. 192.168.5.0.in-addr.arpa
      The reverse lookup zone contains octets of the network portion of the IP address in reverse sequence and uses a special domain name ending in in-addr.arpa. Thus the correct address is 5.168.192.in-addr.arpa. You do not use the host portion of the IP address, so 0.5.168.192.in-addr.arpa is incorrect. The octets must be specified in reverse sequence, so the other two choices are both incorrect.

      NEW QUESTION 16
      Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC).
      An RODC server is stolen from one of the branch offices.
      You need to identify the user accounts that were cached on the stolen RODC server.
      Which utility should you use?

      • A. Dsmod.exe
      • B. Ntdsutil.exe
      • C. Active Directory Sites and Services
      • D. Active Directory Users and Computers

      Answer: D

      Explanation:
      http://technet.microsoft.com/en-us/library/cc835486%28v=ws.10%29.aspx
      Securing Accounts After an RODC Is Stolen
      If you become aware of a stolen or otherwise compromised read-only domain controller (RODC), you should act quickly to delete the RODC account from the domain and to reset the passwords of the accounts whose current passwords are stored on the RODC. An efficient tool for removing the RODC computer account and resetting all the passwords for the accounts that were authenticated to it is the Active Directory Users and Computers snap-in.

      NEW QUESTION 17
      Your network contains an Active Directory domain named contoso.com.
      The Administrator deletes an OU named OU1 accidentally.
      You need to restore OU1. Which cmdlet should you use?

      • A. Set-ADObject cmdlet
      • B. Set-ADOrganizationalUnit cmdlet
      • C. Set-ADUser cmdlet
      • D. Set-ADGroup cmdlet

      Answer: A

      Explanation:
      http://technet.microsoft.com/en-us/library/dd379509.aspx
      Restoring a deleted Active Directory object using the Get-ADObject and Restore-ADObject cmdlets
      You can also restore a deleted Active Directory object by using the Get-ADObject and Restore-ADObject Active Directory module for Windows PowerShell cmdlets. The recommended approach is to use the Get-ADObject cmdlet to retrieve the deleted object and then pass that object through the pipeline to the Restore-ADObject cmdlet.

      NEW QUESTION 18
      Your network contains an Active Directory domain named contoso.com. The domain has one Active Directory site.
      The domain contains an organizational unit (OU) named OU1. OU1 contains user accounts for 100 users and their managers.
      You apply a Group Policy object (GPO) named GPO1 to OU1. GPO1 restricts several desktop settings.
      The managers request that the desktop settings not be applied to them.
      You need to prevent the desktop settings in GPO1 from being applied to the managers. All other users in OU1 must have GPO1 applied to them.
      What should you do?

      • A. Configure the permissions on OU1.
      • B. Configure the permissions on the user accounts of the managers
      • C. Link GPO1 to a WMI filter
      • D. Configure the permissions of GPO1

      Answer: D

      Explanation: Security filtering is a way of refining which users and computers will receive and apply the settings in a Group Policy object (GPO). Using security filtering, you can specify that only certain security principals within a container where the GPO is linked apply the GPO. Security group filtering determines whether the GPO as a whole applies to groups, users, or computers; it cannot be used selectively on different settings within a GPO. In order for the GPO to apply to a given user or computer, that user or computer must have both Read and Apply Group Policy (AGP) permissions on the GPO, either explicitly, or effectively through group membership.

      NEW QUESTION 19
      Your network contains an Active Directory domain named contoso.com.
      You have an organizational unit (OU) named Sales and an OU named Engineering.
      You have a Group Policy object (GPO) linked to the domain. The GPO is used to deploy a number of software packages.
      You need to ensure that the GPO is applied only to client computers that have sufficient free disk space.
      What should you do?

      • A. Modify the Group Policy permissions
      • B. Enable block inheritance
      • C. Configure the link order
      • D. Enable loopback processing in merge mode
      • E. Enable loopback processing in replace mode
      • F. Configure WMI filtering
      • G. Configure Restricted Groups
      • H. Configure Group Policy Preferences
      • I. Link the GPO to the Sales OU
      • J. Link the GPO to the Engineering OU

      Answer: F
