Your network contains an Active Directory forest. All client computers run Windows 7.
The network contains a high-volume enterprise certification authority (CA).
You need to minimize the amount of network bandwidth required to validate a certificate.
What should you do?
A. Configure an LDAP publishing point for the certificate revocation list (CRL).
B. Configure an Online Certification Status Protocol (OCSP) responder.
C. Modify the settings of the delta certificate revocation list (CRL).
D. Replicate the certificate revocation list (CRL) by using Distributed File System (DFS).
Your network contains an Active Directory domain. You have five organizational units (OUs) named Finance, HR, Marketing, Sales, and Dev. You link a Group Policy object named GPO1 to the domain as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that GPO1 is applied to users in the Finance, HR, Marketing, and Sales OUs. The solution must prevent GPO1 from being applied to users in the Dev OU. What should you do?
A. Enforce GPO1.
B. Modify the security settings of the Dev OU.
C. Link GPO1 to the Finance OU.
D. Modify the security settings of the Finance OU.
Your network contains an Active Directory domain. The domain contains an organizational unit (OU) named OU1. OU1 contains all managed service accounts in the domain. You need to prevent the managed service accounts from being deleted accidentally from OU1. Which cmdlet should you use?
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a writable domain controller named DC1 and a read-only domain controller (RODC) named DC2. All domain controllers run Windows Server 2008 R2. You need to install a new writable domain controller named DC3 in a remote site. The solution must minimize the amount of replication traffic that occurs during the installation of Active Directory Domain Services (AD DS) on DC3. What should you do first?
A. Run dcpromo.exe /createdcaccount on DC3.
B. Run ntdsutil.exe on DC2.
C. Run dcpromo.exe /adv on DC3.
D. Run ntdsutil.exe on DC1.
Your network contains an Active Directory forest. The forest contains 10 domains. All domain controllers are configured as global catalog servers.
You remove the global catalog role from a domain controller named DC5.
You need to reclaim the hard disk space used by the global catalog on DC5.
What should you do?
A. From Active Directory Sites and Services, run the Knowledge Consistency Checker (KCC).
B. From Active Directory Sites and Services, modify the general properties of DC5.
C. From Ntdsutil, use the Semantic database analysis option.
D. From Ntdsutil, use the Files option.
A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers.
You add multiple DNS records to the zone.
You need to ensure that the new records are available on all DNS servers as soon as possible.
Which tool should you use?
E. Active Directory Sites And Services console
F. Active Directory Domains And Trusts console
You have a DNS zone that is stored in a custom application partition. You need to add a domain controller to the replication scope of the custom application partition. Which tool should you use?
B. DNS Manager
C. Server Manager
Your network contains a server named Server1 that runs Windows Server 2008 R2 Standard. Server1 has the Active Directory Certificate Services (AD CS) role installed. You configure a certificate template named Template1 for autoenrollment. You discover that certificates are not being issued to any client computers. The event logs on the client computers do not contain any autoenrollment errors. You need to ensure that all of the client computers automatically receive certificates based on Template1. What should you do?
A. Modify the Default Domain Policy Group Policy object (GPO).
B. Modify the Default Domain Controllers Policy Group Policy object (GPO).
C. Upgrade Server1 to Windows Server 2008 R2 Enterprise.
D. Restart Certificate Services on Server1.
Your network contains a server that has the Active Directory Lightweight Directory Services (AD LDS) role installed.
You need to perform an automated installation of an AD LDS instance.
Which tool should you use?
Your network contains an Active Directory domain named contoso.com. A partner company has an Active Directory domain named nwtraders.com.
The networks for contoso.com and nwtraders.com connect to each other by using a WAN link.
You need to ensure that users in contoso.com can access resources in nwtraders.com and resources on the Internet.
What should you do first?
A. Modify the Trusted Root Certification Authorities store.
B. Modify the Intermediate Certification Authorities store.
C. Create conditional forwarders.
D. Add a root hint to the DNS server.
Latest Microsoft 70-640 Practice Tests Free Download with PDF & VCE