70-640 Exam Dumps Free Shared By Braindump2go For Instant Download Now! Download Latest 70-640 Exam Questions and pass 70-640 one time easily! Do you want to be a winner?
Vendor: Microsoft
Exam Code: 70-640
Exam Name: TS: Windows Server 2008 Active Directory, Configuring
QUESTION 41
You are an administrator at ABC.com.
Company has a network of 5 member servers acting as file servers.
It has an Active Directory domain.
You have installed a software application on the servers.
As soon as the application is installed, one of the member servers shuts down itself.
To trace and rectify the problem, you create a Group Policy Object (GPO).
You need to change the domain security settings to trace the shutdowns and identify the cause of it.
What should you do to perform this task?
A. Link the GPO to the domain and enable System Events option
B. Link the GPO to the domain and enable Audit Object Access option
C. Link the GPO to the Domain Controllers and enable Audit Object Access option
D. Link the GPO to the Domain Controllers and enable Audit Process tracking option
E. Perform all of the above actions
Answer: A
Explanation:
http://msdn.microsoft.com/en-us/library/ms813610.aspx
Audit system events
Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy Description Determines whether to audit when a user restarts or shuts down the computer; or an event has occurred that affects either the system security or the security log.
By default, this value is set to No auditing in the Default Domain Controller Group Policy object (GPO) and in the local policies of workstations and servers.
If you define this policy setting, you can specify whether to audit successes, audit failures, or not to audit the event type at all. Success audits generate an audit entry when a system event is successfully executed. Failure audits generate an audit entry when a system event is unsuccessfully attempted. You can select No auditing by defining the policy setting and unchecking Success and Failure.
QUESTION 42
ABC.com has a network that consists of a single Active Directory domain.
A technician has accidently deleted an Organizational unit (OU) on the domain controller.
As an administrator of ABC.com, you are in process of restoring the OU.
You need to execute a non-authoritative restore before an authoritative restore of the OU.
Which backup should you use to perform non-authoritative restore of Active Directory Domain Services (AD DS) without disturbing other data stored on domain controller?
A. Critical volume backup
B. Backup of all the volumes
C. Backup of the volume that hosts Operating system
D. Backup of AD DS folders
E. all of the above
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc730683%28v=ws.10%29.aspx
Performing a Nonauthoritative Restore of AD DS
To perform a nonauthoritative restore of Active Directory Domain Services (AD DS), you need at least a system state backup.
To restore a system state backup, use the wbadmin start systemstaterecovery command.
The procedure in this topic uses the wbadmin start systemstaterecovery command.
You can also use a critical-volume backup to perform a nonauthoritative restore, or a full server backup if you do not have a system state or critical-volume backup. A full server backup is generally larger than a critical-volume backup or system state backup. Restoring a full server backup not only rolls back data in AD DS to the time of backup, but it also rolls back all data in other volumes. Rolling back this additional data is not necessary to achieve nonauthoritative restore of AD DS. To restore a critical-volume backup or full server backup, use the wbadmin start recovery command.
QUESTION 43
ABC.com has a network that consists of a single Active Directory domain.
Windows Server 2008 is installed on all domain controllers in the network.
You are instructed to capture all replication errors from all domain controllers to a central location.
What should you do to achieve this task?
A. Initiate the Active Directory Diagnostics data collector set
B. Set event log subscriptions and configure it
C. Initiate the System Performance data collector set
D. Create a new capture in the Network Monitor
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc748890.aspx
Configure Computers to Forward and Collect Events
Before you can create a subscription to collect events on a computer, you must configure both the collecting computer (collector) and each computer from which events will be collected (source).
http://technet.microsoft.com/en-us/library/cc749183.aspx
Event Subscriptions
Event Viewer enables you to view events on a single remote computer. However, troubleshooting an issue might require you to examine a set of events stored in multiple logs on multiple computers.
Windows Vista includes the ability to collect copies of events from multiple remote computers and store them locally. To specify which events to collect, you create an event subscription. Among other details, the subscription specifies exactly which events will be collected and in which log they will be stored locally. Once a subscription is active and events are being collected, you can view and manipulate these forwarded events as you would any other locally stored events.
Using the event collecting feature requires that you configure both the forwarding and the collecting computers.
The functionality depends on the Windows Remote Management (WinRM) service and the Windows Event Collector (Wecsvc) service. Both of these services must be running on computers participating in the forwarding and collecting process.
http://technet.microsoft.com/en-us/library/cc961808.aspx
Replication Issues
QUESTION 44
Company has a single domain network with Windows 2000, Windows 2003, and Windows 2008 servers.
Client computers running Windows XP and Windows Vista.
All domain controllers are running Windows server 2008.
You need to deploy Active Directory Rights Management System (AD RMS) to secure all documents, spreadsheets and to provide user authentication.
What do you need to configure, in order to complete the deployment of AD RMS?
A. Upgrade all client computers to Windows Vista.
Install AD RMS on domain controller Company _DC1
B. Ensure that all Windows XP computers have the latest service pack and install the RMS
client on all systems.
Install AD RMS on domain controller Company _DC1
C. Upgrade all client computers to Windows Vista.
Install AD RMS on Company _SRV5
D. Ensure that all Windows XP computers have the latest service pack and install the RMS
client on all systems.
Install AD RMS on domain controller Company _SRV5
E. None of the above
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd772753%28v=ws.10%29.aspx
QUESTION 45
You are formulating the backup strategy for Active Directory Lightweight Directory Services (AD LDS) to ensure that data and log files are backed up regularly.
This will also ensure the continued availability of data to applications and users in the event of a system failure.
Because you have limited media resources, you decided to backup only specific ADLDS instance instead of taking backup of the entire volume.
What should you do to accomplish this task?
A. Use Windows Server backup utility and enable checkbox to take only backup of database
and log files of AD LDS
B. Use Dsdbutil.exe tool to create installation media that corresponds only to the ADLDS
instance
C. Move AD LDS database and log files on a separate volume and use windows server backup
utility
D. None of the above
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc730941.aspx
Backing up AD LDS instance data with Dsdbutil.exe
With the Dsdbutil.exe tool, you can create installation media that corresponds only to the AD LDS instance that you want to back up, as opposed to backing up entire volumes that contain the AD LDS instance.
QUESTION 46
You had installed Windows Server 2008 on a computer and configured it as a file server, named FileSrv1.
The FileSrv1 computer contains four hard disks, which are configured as basic disks.
For fault tolerance and performance you want to configure Redundant Array of Independent Disks (RAID) 0 +1 on FileSrv1.
Which utility you will use to convert basic disks to dynamic disks on FileSrv1?
A. Diskpart.exe
B. Chkdsk.exe
C. Fsutil.exe
D. Fdisk.exe
E. None of the above
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc771534.aspx
[Diskpart] Convert dynamic Converts a basic disk into a dynamic disk.
QUESTION 47
ABC.com has a domain controller that runs Windows Server 2008.
The ABC.com network boasts 40 Windows Vista client machines.
As an administrator at ABC.com, you want to deploy Active Directory Certificate service (AD CS) to authorize the network users by issuing digital certificates.
What should you do to manage certificate settings on all machines in a domain from one main location?
A. Configure Enterprise CA certificate settings
B. Configure Enterprise trust certificate settings
C. Configure Advance CA certificate settings
D. Configure Group Policy certificate settings
E. All of the above
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc725911.aspx
AD CS: Policy Settings
In the Windows ServerĀ® 2008 operating system, certificate-related Group Policy settings enable administrators to manage certificate validation settings according to the security needs of the organization.
What are certificate settings in Group Policy?
Certificate settings in Group Policy enable administrators to manage the certificate settings on all the computers in the domain from a central location.
QUESTION 48
A domain controller named DC12 runs critical services.
Restructuring of the organizational unit hierarchy for the domain has been completed and unnecessary objects have been deleted.
You need to perform an offline defragmentation of the Active Directory database on DC12.
You also need to ensure that the critical services remain online.
What should you do?
A. Start the domain controller in the Directory Services restore mode. Run the Defrag utility.
B. Start the domain controller in the Directory Services restore mode. Run the Ntdsutil utility.
C. Stop the Domain Controller service in the Services (local) Microsoft Management Console
(MMC). Run the Defrag utility.
D. Stop the Domain Controller service in the Services (local) Microsoft Management Console
(MMC). Run the Ntdsutil utility.
Answer: D
Explanation:
http://support.microsoft.com/kb/232122
QUESTION 49
Your company has a server that runs Windows Server 2008 R2.
The server runs an instance of Active Directory Lightweight Directory Services (AD LDS).
You need to replicate the AD LDS instance on a test computer that is located on the network.
What should you do?
A. Run the repadmin /kcc <servername> command on the test computer.
B. Create a naming context by running the Dsmgmt command on the test computer.
C. Create a new directory partition by running the Dsmgmt command on the test computer.
D. Create and install a replica by running the AD LDS Setup wizard on the test computer.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc771946.aspx
QUESTION 50
Your network contains an Active Directory domain.
The relevant servers in the domain are configured as shown in the following table.
You need to ensure that all device certificate requests use the MD5 hash algorithm.
What should you do?
A. On Server2, run the Certutil tool.
B. On Server1, update the CEP Encryption certificate template.
C. On Server1, update the Exchange Enrollment Agent (Offline Request) template.
D. On Server3, set the value of the HKLM\Software\Microsoft\Cryptography\MSCEP\
HashAlgorithm\HashAlgorithm registry key.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/ff955642.aspx
70-640 Updated Questions are 2015 Latest Released Which 100% will Meet in Your 70-640 Test! Braindump2go New Released 70-640 Exam Dumps Contain All New Added Questions Which Will Help you Have A Totally Success in 2015 New Tear! Download our 100% Pass Guaranteed 70-640 Exam Dumps Full Version, special 10% Off Discount enjoyed!