Your company, Contoso Ltd, has offices in North America and Europe. Contoso has an Active Directory forest that has three domains. You need to reduce the time required to authenticate users from the labs.eu.contoso.com domain when they access resources in the eng.na.contoso.com domain. What should you do?
A. Decrease the replication interval for all Connection objects.
B. Decrease the replication interval for the DEFAULTIPSITELINK site link.
C. Set up a one-way shortcut trust from eng.na.contoso.com to labs.eu.contoso.com.
D. Set up a one-way shortcut trust from labs.eu.contoso.com to eng.na.contoso.com.
Your company purchases a new application to deploy on 200 computers. The application requires that you modify the registry on each target computer before you install the application. The registry modifications are in a file that has an .adm extension. You need to prepare the target computers for the application. What should you do?
A. Import the .adm file into a new Group Policy Object (GPO). Edit the GPO and link it to an organizational unit that contains the target computers.
B. Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRUsr CONTAINER-DN command on each target computer.
C. Create a Microsoft Windows PowerShell script to copy the .adm file to the startup folder of each target computer.
D. Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRCmp CONTAINER-DN command on each target computer.
Your company has an Active Directory forest that contains eight linked Group Policy Objects (GPOs). One of these GPOs publishes applications to user objects. A user reports that the application is not available for installation. You need to identify whether the GPO has been applied. What should you do?
A. Run the Group Policy Results utility for the user.
B. Run the GPRESULT /S <system name> /Z command at the command prompt.
C. Run the GPRESULT /SCOPE COMPUTER command at the command prompt.
D. Run the Group Policy Results utility for the computer.
Your company has an Active Directory domain.
You plan to install the Active Directory Certificate Services (AD CS) server role on a member server that runs Windows Server 2008 R2.
You need to ensure that members of the Account Operators group are able to issue smartcard credentials. They should not be able to revoke certificates.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Create an Enrollment Agent certificate.
B. Create a Smartcard logon certificate.
C. Restrict enrollment agents for the Smartcard logon certificate to the Account Operator group.
D. Install the AD CS role and configure it as an Enterprise Root CA.
E. Install the AD CS role and configure it as a Standalone CA.
F. Restrict certificate managers for the Smartcard logon certificate to the Account Operator group.
You create 200 new user accounts. The users are located in six different sites. New users report that they receive the following error message when they try to log on: “The username or password is incorrect.”
You confirm that the user accounts exist and are enabled. You also confirm that the user name and password information supplied are correct.
You need to identify the cause of the failure. You also need to ensure that the new users are able to log on.
Which utility should you run?
A. Active Directory Domains and Trusts
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have an Active Directory-integrated zone for contoso.com. You have a Unix-based DNS server. You need to configure your Windows Server 2008 R2 environment to allow zone transfers of the contoso.com zone to the Unix-based DNS server. What should you do in the DNS Manager console?
A. Enable BIND secondaries
B. Create a stub zone
C. Disable recursion
D. Create a secondary zone
Your company has an Active Directory domain. You log on to the domain controller. The Active Directory Schema snap-in is not available in the Microsoft Management Console (MMC). You need to access the Active Directory Schema snap-in. What should you do?
A. Add the Active Directory Lightweight Directory Services (AD LDS) role to the domain controller by using Server Manager.
B. Log off and log on again by using an account that is a member of the Schema Administrators group.
C. Use the Ntdsutil.exe command to connect to the Schema Master operations master and open the schema for writing.
D. Register Schmmgmt.dll.
Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA) on the server.
You need to audit changes to the CA configuration settings and the CA security settings.
Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure auditing in the Certification Authority snap-in.
B. Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%\CertSrv directory.
C. Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%\CertLog directory.
D. Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services (AD CS) server.
Your company has a single-domain Active Directory forest. The functional level of the domain is Windows Server 2008.
You perform the following activities:
Create a global distribution group.
Add users to the global distribution group.
Create a shared folder on a Windows Server 2008 member server.
Place the global distribution group in a domain local group that has access to the shared folder.
You need to ensure that the users have access to the shared folder.
What should you do?
A. Add the global distribution group to the Domain Administrators group.
B. Change the group type of the global distribution group to a security group.
C. Change the scope of the global distribution group to a Universal distribution group.
D. Raise the forest functional level to Windows Server 2008.
Your company hires 10 new employees. You want the new employees to connect to the main office through a VPN connection. You create new user accounts and grant the new employees they Allow Read and Allow Execute permissions to shared resources in the main office. The new employees are unable to access shared resources in the main office. You need to ensure that users are able to establish a VPN connection to the main office. What should you do?
A. Grant the new employees the Allow Access Dial-in permission.
B. Grant the new employees the Allow Full control permission.
C. Add the new employees to the Remote Desktop Users security group.
D. Add the new employees to the Windows Authorization Access security group.
Latest Microsoft 70-640 Practice Tests Free Download with PDF & VCE