70-640 | You have a domain controller that runs Windows Server 2008…

Question: 22

You have a domain controller that runs Windows Server 2008 R2 and is configured as a DNS server. You need to record all inbound DNS queries to the server. What should you configure in the DNS Manager console?

A. Enable debug logging.
B. Enable automatic testing for simple queries.
C. Configure event logging to log errors and warnings.
D. Enable automatic testing for recursive queries.

Answer: A

70-640|Your company uses a Windows 2008 Enterprise certificate

Question: 22

Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do?

A. Configure the certificate for automatic enrollment for the computers that store encrypted files.
B. Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.
C. Apply the Hisecdc security template to the domain controllers.
D. Archive the private key on the server.

Answer: D

Answer: Archive the private key on the server.

Explanation:

Before a key recovery agent can use a key recovery certificate, the key recovery agent must have enrolled for the key recovery certificate and be registered as the recovery agent for the certification authority (CA).
You must be a CA administrator to complete this procedure.
To enable key archival for a CA:

1. Open the Certification Authority snap-in.
2. In the console tree, click the name of the CA.
3. On the Action menu, click Properties.
4. Click the Recovery Agents tab, and then click Archive the key.
5. In Number of recovery agents to use, type the number of key recovery agents that will be used to encrypt the archived key.
The Number of recovery agents to use must be between one and the number of key recovery agent certificates that have been configured.
6. Click Add. Then, in Key Recovery Agent Selection, click the key recovery certificates that are displayed, and click OK.
7. The certificates should appear in the Key recovery agent certificates list, but their status is listed as Not loaded.
8. Click OK or Apply. When prompted to restart the CA, click Yes. When the CA has restarted, the status of the certificates should be listed as Valid.

70-640 Sample Question : 18

Question : 18

Your company, Contoso Ltd has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone.You install a new domain controller named DC2 in the branch office. You install DNS on DC2. You need to ensure that the DNS service can update records and resolve DNS queries in the event that aWAN link fails.What should you do?

A. Create a new stub zone named ad.contoso.com on DC2.
B. Create a new standard secondary zone named ad.contoso.com on DC2.
C. Configure the DNS server on DC2 to forward requests to DC1.
D. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.

Answer : D

70-640 Sample Question : 17

Question : 17

Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The Audit account management policy setting and Audit directory services access setting are enabled for the entire domain.You need to ensure that changes made to Active Directory objects can be logged. The logged changes must include the old and new values of any attributes.What should you do?

A. Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.
B. From the Default Domain Controllers policy, enable the Audit directory service access setting and enable directory service changes.
C. Enable the Audit account management policy in the Default Domain Controller Policy.
D. Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy.

Answer : A

70-640 Sample Question : 16

Question : 16

You have a single Active Directory domain. All domain controllers run Windows Server 2008 and are configured as DNS servers.The domain contains one Active Directory-integrated DNS zone. You need to ensure that outdated DNS records are automatically removed from the DNS zone.What should you do?

A. From the properties of the zone, modify the TTL of the SOA record.
B. From the properties of the zone, enable scavenging.
C. From the command prompt, run ipconfig /flushdns.
D. From the properties of the zone, disable dynamic updates.

Answer : B

70-640 Sample Question : 15

Question : 15

Your company has one main office and four branch offices. The main office contains a standard primary DNS zone named adatum.com. Each branch office contains a copy of the adatum.com zone. When records are added to the adatum.com zone, you discover that it takes up to one hour before the changes replicate to each zone in the branch offices. You need to minimize the amount of time it takes for the records to be updated in the branch offices. What should you do?

A. On the DNS server in the main office, configure the Notify settings.
B. On the DNS servers in the branch offices, configure the Notify settings.
C. On the DNS servers in the branch offices, configure the Zone Aging/Scavenging Properties.
D. On the DNS server in the main office, configure the Zone Aging/Scavenging Properties.

Answer : A

70-640 Sample Question : 14

Question : 14

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. You have a member server named Server1. Both DC1 and Server1 have the DNS Server server role installed. On DC1, you create an Active Directory-integrated zone named adatum.com. You need to ensure that Server1 receives a copy of the zone. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Create a secondary zone on Server1.
B. Modify the zone type of adatum.com.
C. Modify the Zone Transfers settings of adatum.com,
D. Add Server1 to the DNSUpdateProxy group.
E. Create a primary zone on Server1.

Answer : AC

70-640 Sample Question : 13

Question : 13

A corporate network includes an Active Directory Domain Services (AD DS) forest that contains two domains. All servers run Windows Server 2008 R2. All domain controllers are configured as DNS servers. A standard primary zone for dev.contoso.com is stored on a member server. You need to ensure that all domain controllers can resolve names from the dev.contoso.com zone. What should you do?

A. On one domain controller, create a stub zone. Configure the stub zone to replicate to all DNS servers in the forest.
B. On one domain controller, create a stub zone. Configure the stub zone to replicate to all DNS servers in the domain.
C. On one domain controller, create a conditional forwarder. Configure the conditional forwarder to replicate to all DNS servers in the domain.
D. On the member server, create a secondary zone.

Answer: A

70-640 Sample Question : 12

Question : 12

Your network contains an Active Directory domain named contoso.com. You need to ensure that when computers are joined manually to the domain by using the System Properties, the computer account of the computers is created automatically in an organizational unit (OU) named NewComputers. Which command should you run?

A. dsmgmt.exe
B. redircmp.exe
C. csvde.exe
D. computerdefaults.exe

Answer: B

70-640 Sample Question : 12

Question : 12

Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA). You plan to delegate certificate enrollment for Smartcard Logon certificates to a user named User1. User1 is the member of a group named CONTOSO\DelegatedAdmins. You need to recommend a solution to provide User1 with the ability to enroll for Smartcard Logon certificates on behalf of other domain users. What should you include in the recommendation?

A. Duplicate the Smartcard Logon certificate template. Modify the Extensions settings and the Request Handling settings of the new template.
B. Modify the Issuance Requirements settings and the Security settings of the Smartcard Logon certificate template.
C. Modify the Extensions settings and the Request Handling settings of the Smartcard Logon certificate template.
D. Duplicate the Smartcard Logon certificate template. Modify the Issuance Requirements settings and the Security settings of the new template.

Answer: D

70-640 Sample Question : 11

Question : 11

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2008 R2. You need to increase the amount of Active Directory diagnostic information logged to the Event Viewer on DC1. What should you do?

A. Modify the properties of the objects in the Active Directory Diagnostics Data Collector Set (DCS).
B. Modify the properties of the System Log and the Application Log.
C. Modify the flags attribute of DC1.
D. Modify the settings in the HKey_Local_Machine\SYSTEM\CurrentControlSet\services\NTDS\Diagnostics registry key.

Answer: D

70-640 Sample Question : 10

Question : 10

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2008 R2. You need to increase the amount of Active Directory diagnostic information logged to the Event Viewer on DC1. What should you do?

A.Modify the properties of the objects in the Active Directory Diagnostics Data Collector Set (DCS).
B.Modify the properties of the System Log and the Application Log.
C.Modify the flags attribute of DC1.
D.Modify the settings in the HKey_Local_Machine\SYSTEM\CurrentControlSet\services\NTDS\Diagnostics registry key.

Answer: D

70-640 Sample Question : 9

 Question : 9

Your network consists of an Active Directory forest that contains one domain named contoso.com.All domain controllers run Windows Server 2008 and are configured as DNS servers.You have two Active Directory-integrated zones: contoso.com and nwtraders.com. You need to ensure a user is able to modify records in the contoso.com zone. You must prevent the user from modifying the SOA record in the nwtraders.com zone. What should you do?

A. From the DNS Manager console, modify the permissions of the contoso.com zone.
B. From the DNS Manager console, modify the permissions of the nwtraders.com zone.
C. From the Active Directory Users and Computers console, run the Delegation of Control Wizard.
D. From the Active Directory Users and Computers console, modify the permissions of the Domain Controllers organizational unit (OU).

Answer: A

70-640 Sample Question : 8

Question : 8

Your company has a DNS server that has 10 Active DirectoryCintegrated zones. You need to provide copies of the zone files of the DNS server to the security department. What should you do?

A. Run the dnscmd /ZoneInfo command.

B. Run the ipconfig /registerdns command.

C. Run the dnscmd /ZoneExport command.

D. Run the ntdsutil > Partition Management > List commands.

Answer: C

70-640 Sample Question : 7

Question : 7

You have a single Active Directory domain. All domain controllers run Windows Server 2008 and are configured as DNS servers. The domain contains one Active Directory integrated DNS zone. You need to ensure that outdated DNS records are automatically removed from the DNS zone. What should you do?

A. From the properties of the zone, enable scavenging.
B. From the properties of the zone, disable dynamic updates.
C. From the properties of the zone, modify the TTL of the SOA record.
D. From the command prompt, run ipconfig /flushdns.

Answer: A

Search Words: 70-640 Q&A real exam questions answers practice test braindumps, free Q&A online dumps download and free 70-640 Q&A discount coupon code available.