web analytics

Latest Microsoft 70-640 Practice Tests Free Download with PDF & VCE (151-160)

QUESTION 151
Your company has an Active Directory domain. All servers run Windows Server. You deploy a Certification Authority (CA) server. You create a new global security group named CertIssuers.
You need to ensure that members of the CertIssuers group can issue, approve, and revoke certificates. What should you do?

A.    Assign the Certificate Manager role to the CertIssuers group
B.    Place CertIssuers group in the Certificate Publisher group
C.    Run the certsrv -add CertIssuers command promt of the certificate server
D.    Run the add -member-membertype memberset CertIssuers command by using Microsoft Windows Powershell

Answer: A

QUESTION 152
Your company has an Active Directory domain. The company has purchased 100 new computers. You want to deploy the computers as members of the domain. You need to create the computer accounts in an OU. What should you do?

A.    Run the csvde -f computers.csv command
B.    Run the ldifde -f computers.ldf command
C.    Run the dsadd computer <computerdn> command
D.    Run the dsmod computer <computerdn> command

Answer: C

QUESTION 153
Your network consists of a single Active Directory domain. You have a domain controller and a member server that run Windows Server 2008 R2. Both servers are configured as DNS servers. Client computers run either Windows XP Service Pack 3 or Windows 7. You have a standard primary zone on the domain controller. The member server hosts a secondary copy of the zone.
You need to ensure that only authenticated users are allowed to update host (A) records in the DNS zone.
What should you do first?

A.    On the member server, add a conditional forwarder.
B.    On the member server, install Active Directory Domain Services.
C.    Add all computer accounts to the DNS UpdateProxy group.
D.    Convert the standard primary zone to an Active Directory-integrated zone.

Answer: D

QUESTION 154
Your company has two domain controllers that are configured as internal DNS servers. All zones on the DNS servers are Active Directory-integrated zones. The zones allow all dynamic updates.
You discover that the contoso.com zone has multiple entries for the host names of computers that do not exist.
You need to configure the contoso.com zone to automatically remove expired records.
What should you do?

A.    Enable only secure updates on the contoso.com zone,
B.    Enable scavenging and configure the refresh interval on the contoso.com zone.
C.    From the Start of Authority tab, decrease the default refresh interval on the contoso.com zone.
D.    From the Start of Authority tab, increase the default expiration interval on the contoso.com zone

Answer: B

QUESTION 155
You have an Active Directory domain that runs Windows Server 2008 R2.
You need to implement a certification authority (CA) server that meets the following requirements:
Allows the certification authority to automatically issue certificates
Integrates with Active Directory Domain Services
What should you do?

A.    Install and configure the Active Directory Certificate Services server role as a Standalone Root CA.
B.    Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA.
C.    Purchase a certificate from a third-party certification authority, Install and configure the Active Directory Certificate Services server role as a Standalone Subordinate CA.
D.    Purchase a certificate from a third-party certification authority, Import the certificate into the computer store of the schema master.

Answer: B

QUESTION 156
You have a Windows Server 2008 R2 Enterprise Root certification authority (CA).
You need to grant members of the Account Operators group the ability to only manage Basic EFS certificates.
You grant the Account Operators group the Issue and Manage Certificates permission on the CA.
Which three tasks should you perform next? (Each correct answer presents part of the solution. Choose three.)

A.    Enable the Restrict Enrollment Agents option on the CA.
B.    Enable the Restrict Certificate Managers option on the CA.
C.    Add the Basic EFS certificate template for the Account Operators group.
D.    Grant the Account Operators group the Manage CA permission on the CA.
E.    Remove all unnecessary certificate templates that are assigned to the Account Operators group.

Answer: BCE

QUESTION 157
Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2. You need to ensure users are able to enroll new certificates. What should you do?

A.    Renew the Certificate Revocation List (CRL) on the root CA. Copy the CRL to the CertEnroll folder on the issuing CA.
B.    Renew the Certificate Revocation List (CRL) on the issuing CA, Copy the CRL to the SysternCertificates folder in the users’ profile.
C.    Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
D.    Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations,

Answer: A

QUESTION 158
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA.
The Enterprise Intermediate CA certificate expires.
You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain.
What should you do?

A.    Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
B.    Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
C.    Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.
D.    Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.

Answer: B

QUESTION 159
Your company has recently acquired a new subsidiary company in Quebec. The Active Directory administrators of the subsidiary company must use the French-language version of the administrative templates.
You create a folder on the PDC emulator for the subsidiary domain in the path %systemroot%\SYSVOL\domain\Policies\PolicyDefinitions\FR .
You need to ensure that the French-language version of the templates is available.
What should you do?

A.    Download the Conf.adm, System.adm, Wuau.adm, and Inetres.adm files from the Microsoft Web site.
Copy the ADM files to the FR folder.
B.    Copy the ADML files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
C.    Copy the Install.WIM file from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.
D.    Copy the ADMX files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.

Answer: B

QUESTION 160
A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails.
You need to enable the user to join a single computer to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task.
What should you do?

A.    Prestage the computer account in the Active Directory domain.
B.    Add the user to the Domain Administrators group for one day.
C.    Add the user to the Server Operators group in the Active Directory domain.
D.    Grant the user the right to log on locally by using a Group Policy Object (GPO).

Answer: A

Latest Microsoft 70-640 Practice Tests Free Download with PDF & VCE