Braindump2go Guarantees Your Microsoft 70-640 Exam 100% Success with Our Unique Official 70-640 Exam Questions Resources! Braindump2go’s 70-640 Braindumps are Developed by Experiences IT Certifications Professionals Working in Today’s Prospering Companies and Data Centers! Braindump2go 70-640 Exam Dumps are Checked by Our Experts Team every day to ensure you have the Latest Updated Exam Dumps!
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
Keywords: 70-640 Exam Dumps,70-640 Practice Tests,70-640 Practice Exams,70-640 Exam Questions,70-640 Dumps,70-640 Dumps PDF,70-640 VCE,70-640 Braindump,70-640 TS: Windows Server 2008 Active Directory, Configuring
QUESTION 611
You create a Password Settings object (PSO).
You need to apply the PSO to a domain user named User1.
What should you do?
A. Modify the properties of the PSO.
B. Modify the account options of the User1 account.
C. Modify the security settings of the User1 account.
D. Modify the password policy of the Default Domain Policy Group Policy object (GPO).
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc731589.aspx
To apply PSOs to users or global security groups using the Windows interface
QUESTION 612
You need to create a Password Settings object (PSO).
Which tool should you use?
A. Active Directory Users and Computers
B. ADSI Edit
C. Group Policy Management Console
D. Ntdsutil
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc754461.aspx
You can create Password Settings objects (PSOs): using the Active Directory module for Windows PowerShell using ADSI Edit using ldifde
QUESTION 613
Your network contains an Active Directory domain.
All servers run Windows Server 2008 R2.
You need to audit the deletion of registry keys on each server.
What should you do?
A. From Audit Policy, modify the Object Access settings and the Process Tracking settings.
B. From Audit Policy, modify the System Events settings and the Privilege Use settings.
C. From Advanced Audit Policy Configuration, modify the System settings and the Detailed
Tracking settings.
D. From Advanced Audit Policy Configuration, modify the Object Access settings and the
Global Object Access Auditing settings.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd408940.aspx
Advanced Security Audit Policy Step-by-Step Guide
A global object access audit policy can be used to enforce object access audit policy for a computer, file share, or registry.
QUESTION 614
Your network contains a single Active Directory domain.
The functional level of the forest is Windows Server 2008 R2.
You need to enable the Active Directory Recycle Bin.
What should you use?
A. the Dsmod tool
B. the Enable-ADOptionalFeature cmdlet
C. the Ntdsutil tool
D. the Set-ADDomainMode cmdlet
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/dd379481.aspx
QUESTION 615
Active Directory Rights Management Services (AD RMS) is deployed on your network.
You need to configure AD RMS to use Kerberos authentication.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Register a service principal name (SPN) for AD RMS.
B. Register a service connection point (SCP) for AD RMS.
C. Configure the identity setting of the _DRMSAppPool1 application pool.
D. Configure the useAppPoolCredentials attribute in the Internet Information Services (IIS)
Answer: AD
Explanation:
http://technet.microsoft.com/en-us/library/dd759186.aspx
QUESTION 616
Your network contains an Active Directory forest.
The forest contains an Active Directory site for a remote office.
The remote site contains a read-only domain controller (RODC).
You need to configure the RODC to store only the passwords of users in the remote site.
What should you do?
A. Create a Password Settings object (PSO).
B. Modify the Partial-Attribute-Set attribute of the forest.
C. Add the user accounts of the remote site users to the Allowed RODC Password Replication
Group.
D. Add the user accounts of users who are not in the remote site to the Denied RODC Password
Replication Group.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc730883.aspx
QUESTION 617
Your company has four offices.
The network contains a single Active Directory domain.
Each office has a domain controller.
Each office has an organizational unit (OU) that contains the user accounts for the users in that office.
In each office, support technicians perform basic troubleshooting for the users in their respective office.
You need to ensure that the support technicians can reset the passwords for the user accounts in their respective office only.
The solution must prevent the technicians from creating user accounts.
What should you do?
A. For each OU, run the Delegation of Control Wizard.
B. For the domain, run the Delegation of Control Wizard.
C. For each office, create an Active Directory group, and then modify the security settings for
each group.
D. For each office, create an Active Directory group, and then modify the controlAccessRights
attribute for each group.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc732524.aspx
QUESTION 618
Your network contains a single Active Directory domain.
Client computers run either Windows XP Service Pack 3 (SP3) or Windows 7.
All of the computer accounts for the client computers are located in an organizational unit (OU) named OU1.
You link a new Group Policy object (GPO) named GPO10 to OU1.
You need to ensure that GPO10 is applied only to client computers that run Windows 7.
What should you do?
A. Create a new OU in OU1. Move the Windows XP computer accounts to the new OU.
B. Enable block inheritance on OU1.
C. Create a WMI filter and assign the filter to GPO10.
D. Modify the permissions of OU1.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc947846.aspx
To make sure that each GPO associated with a group can only be applied to computers running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each computer.
QUESTION 619
Your network contains an Active Directory domain named contoso.com.
You need to audit changes to a service account.
The solution must ensure that the audit logs contain the before and after values of all the changes.
Which security policy setting should you configure?
A. Audit Sensitive Privilege Use
B. Audit User Account Management
C. Audit Directory Service Changes
D. Audit Other Account Management Events
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/dd772641.aspx
Audit Directory Service Changes
This security policy setting determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (AD DS).
http://technet.microsoft.com/en-us/library/cc731607.aspx
AD DS Auditing Step-by-Step Guide
This guide includes a description of the new Active Directory® Domain Services (AD DS) auditing feature in Windows Server® 2008. With the new auditing feature, you can log events that show old and new values; for example, you can show that Joe’s favorite drink changed from single latte to triple-shot latte.
QUESTION 620
Your network contains two Active Directory forests named contoso.com and nwtraders.com. Active Directory Rights Management Services (AD RMS) is deployed in each forest.
You need to ensure that users from the nwtraders.com forest can access AD RMS protected content in the contoso.com forest.
What should you do?
A. Add a trusted user domain to the AD RMS cluster in the nwtraders.com domain.
B. Create an external trust from nwtraders.com to contoso.com.
C. Add a trusted user domain to the AD RMS cluster in the contoso.com domain.
D. Create an external trust from contoso.com to nwtraders.com.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh311036.aspx
Using AD RMS trust
It is not necessary to create trust or federation relationships between the Active Directory forests of organizations to be able to share rights-protected information between separate organizations. AD RMS provides two types of trust relationships that provide this kind of rights-protected information exchange. A trusted user domain (TUD) allows the AD RMS root cluster to process requests for client licensor certificates or use licenses from users whose rights account certificates (RACs) were issued by a different AD RMS root cluster.
You add a trusted user domain by importing the server licensor certificate of the AD RMS cluster to trust.
100% 70-640 Complete Success & Money Back Guarantee!
By utilizing Braindump2go high quality Microsoft 70-640 Exam Dumps Products, You can surely pass 70-640 certification 100%! Braindump2go also offers 100% money back guarantee to individuals in case they fail to pass Microsoft 70-640 in one attempt.