web analytics

Latest Microsoft 70-640 Practice Tests Free Download with PDF & VCE (171-180)

QUESTION 171
You need to ensure that users who enter three successive invalid passwords within 5 minutes are locked out for 5 minutes. Which three actions should you perform? (Each correct answer presents part of the solution.Choose three.)

A.    Set the Minimum password age setting to one day.
B.    Set the Maximum password age setting to one day.
C.    Set the Account lockout duration setting to 5 minutes.
D.    Set the Reset account lockout counter after setting to 5 minutes.
E.    Set the Account lockout threshold setting to 3 invalid logon attempts.
F.    Set the Enforce password history setting to 3 passswords remembered.

Answer: CDE

QUESTION 172
Your network contains an Active Directory domain named contoso.com. The Administrator deletes an OU named OU1 accidentally. You need to restore OU1. Which cmdlet should you use?

A.    Set-ADObject cmdlet.
B.    Set-ADOrganizationalUnit cmdlet.
C.    Set-ADUser cmdlet.
D.    Set-ADGroup cmdlet.

Answer: A

QUESTION 173
Your network contains an Active Directory domain. The domain is configured as shown in the exhibit.
You have a Group Policy Object (GPO) linked to the domain.
You need to ensure that the settings in the GPO are not processed by user accounts or computer accounts in the Finance organizational unit (OU). You must achieve this goal by using the minimum amount of administrative effort.
What should you do?

A.    Modify the Group Policy Permission.
B.    Configure WMI filtering.
C.    Enable block inheritance.
D.    Enable loopback processing in replace mode.
E.    Configure the link order.
F.    Configure Group Policy Preferences.
G.    Link the GPO to the Human Resources OU.
H.    Configure Restricted Groups.
I.    Enable loopback processing in merge mode.
J.    Link the GPO to the Finance OU.

Answer: C

QUESTION 174
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named Sales and an OU named Engineering.
You have two Group Policy objects (GPOs) named GP01 and GPO2. GP01 and GP02 are linked to the Sales OU and contain multiple settings.
You discover that GPO2 has a setting that conflicts with a setting in GP01. When the policies are applied, the setting in GPO2 takes effect.
You need to ensure that the settings in GP01 supersede the settings in GP02. The solution must ensure that all non-conflicting settings in both GPOs are applied.

A.    Configure Restricted Groups.
B.    Configure the link order.
C.    Link the GPO to the Sales OU.
D.    Link the GPO to the Engineering OU.
E.    Enable loopback processing in merge mode.
F.    Modify the Group Policy permissions.
G.    Configure WMI Filtering.
H.    Configure Group Policy Preferences.
I.    Enable loopback processing in replace mode.
J.    Enable block inheritance.

Answer: B

QUESTION 175
Your network contains an Active Directory forest.
All users have a value set for the Department attribute.
From Active Directory Users and Computers, you search a domain for all users who have a Department attribute value of Marketing. The search returns 50 users.
From Active Directory Users and Computers, you search the entire directory for all users who have a Department attribute value of Marketing.
The search does not return any users.
You need to ensure that a search of the entire directory for users in the marketing department returns all of the users who have the Marketing Department attribute.
What should you do?

A.    Install the Windows Search Service role service on a global catalog server.
B.    From the Active Directory Schema snap-in modify the properties of the Department attribute.
C.    Install the Indexing Service role service on a global catalog server.
D.    From the Active Directory Schema snap-in modify the properties of the user class.

Answer: B

QUESTION 176
Your network contains an Active Directory forest. The forest contains one domain named contoso.com.
You discover the following event in the Event log of domain controllers:
“The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is ” %1 “”
You need to ensure that the domain controllers can acquire new account-identifier pools successfully.
What should you do?

A.    Move the PDC emulator role.
B.    Move the schema master role.
C.    Move the global catalog server.
D.    Move the domain naming master role.
E.    Move the infrastructure master role.
F.    Move the RID master role.
G.    Restart the Active Directory Domain Services (AD DS) service.
H.    Deploy an additional global catalog server.
I.    Move the bridgehead server.
J.    Install a read-only domain controller (RODC).

Answer: F

QUESTION 177
Your network contains an Active Directory domain named contoso.com.
You need to create one password policy for administrators and another password policy for all other users. Which tool should you use?

A.    Ntdsutil
B.    Active Directory Users and Computers
C.    ADSI Edit
D.    Group Policy Management Console (GPMC)

Answer: C

QUESTION 178
Your network contains an Active Directory forest named contoso.com.
You need to identify whether a fine-grained password policy is applied to a specific group.
Which tool should you use?

A.    Active Directory Sites and Services
B.    Authorization Manager
C.    Local Security Policy
D.    ADSI Edit

Answer: D

QUESTION 179
A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers.
You add multiple DNS records to the zone.
You need to ensure that the new records are available on all DNS servers as soon as possible.
Which tool should you use?

A.    Repadmin
B.    Active Directory Domains and Trusts console
C.    Ldp
D.    Ntdsutil

Answer: A

QUESTION 180
Your network contains an Active Directory forest named contoso.com. The forest contains two
domains named contoso.com and child.contoso.com. The forest contains two sites named Seattle and Denver. Both sites contain users, client computers, and domain controllers from both domains.
The Seattle site contains the first domain controller deployed to the forest. The Seattle site also contains the primary domain controller (PDC) emulator for both domains. All of the domain controllers are configured as DNS servers. All DNS zones are replicated to all of the domain controllers in the forest.
The users in the Denver site report that is takes a long time to log on to their client computer when they use their user principal name (UPN). The users in the Seattle site do not experience the same issue.
You need to reduce the amount of time it takes for the Denver users to log on to their client computer by using their UPN.
What should you do?

A.    Reduce the cost of the site link between the Denver site and the Seattle site.
B.    Enable the global catalog on a domain controller in the Denver site.
C.    Enable universal group membership caching in the Denver site.
D.    Move a PDC emulator to the Denver site.
E.    Reduce the replication interval of the site link between the Denver site and the Seattle site.
F.    Add an additional domain controller to the Denver site.

Answer: B

Latest Microsoft 70-640 Practice Tests Free Download with PDF & VCE