Your network contains an Active Directory domain. The domain contains five sites. One of the sites contains a read-only domain controller (RODC) named RODC1. You need to identify which user accounts can have their password cached on RODC1. Which tool should you use?
Your network contains four domain controllers. The domain controllers are configured as shown in the following table.
All of the domain controllers are configured to host an Active Directory-integrated zone for their respective domain. A GlobalNames zone is deployed in the fabrikam.com forest.
You add a canonical (CNAME) record named Server1 to the GlobalNames zone. You discover that users in the contoso.com forest cannot resolve the name Server1. The users in fabrikam.com can resolve the name Server1.
You need to ensure that the contoso.com users can resolve names in the GlobalNames zone.
What should you do? (Each correct answer presents part of the solution. Choose two.)
A. Run dnscmd.exe and specify the globalnamesqueryorder parameter on CONT-DC1 and CONT-DC2.
B. Add service location (SRV) records named _globalnames to the _msdcs.contoso.com zone.
C. Run dnscmd.exe and specify the enableglobalnamessupport parameter on CONT-DC1 and CONT-DC2.
D. Run dnscmd.exe and specify the globalnamesqueryorder parameter on FABR-DC1 and FABR-DC2.
E. Run dnscmd.exe and specify the enableglobalnamessupport parameter on FABR-DC1 and FABR-DC2.
F. Add service location (SRV) records named _globalnames to the _msdcs.fabrikam.com zone.
A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers. You add multiple DNS records to the zone. You need to ensure that the new records are available on all DNS servers as soon as possible. Which tool should you use?
Your network contains an Active Directory domain. The domain contains two file servers. The file servers are configured as shown in the following table.
You create a Group Policy object (GPO) named GPO1 and you link GPO1 to OU1. You configure the advanced audit policy as shown in the exhibit. (Click the Exhibit button.)
You discover that the settings are not applied to Server1. The settings are applied to Server2. You need to ensure that access to the file shares on Server1 is audited. What should you do?
A. On Server1, run secedit.exe and specify the /configure parameter.
B. On Server1, run auditpol.exe and specify the /set parameter.
C. From GPO1, configure the Security Options.
D. From Active Directory Users and Computers, modify the permissions of the computer account for Server1.
E. From Active Directory Users and Computers, add Server1 to the Event Log Readers group.
A corporate network includes a single Active Directory Domain Services (AD DS) domain.
The HR department has a dedicated organizational unit (OU) named HR. The HR OU has two sub-OUs: HR Users and HR Computers. User accounts for the HR department reside in the HR Users OU. Computer accounts for the HR department reside in the HR Computers OU. All HR department employees belong to a security group named HR Employees. All HR department computers belong to a security group named HR PCs.
Company policy requires that passwords are a minimum of six characters.
You need to ensure that, the next time HR department employees change their passwords, the passwords are required to have at least eight characters. The password length requirement should not change for employees of any other department.
What should you do?
A. Modify the local security policy on each computer in the HR PCs group.
B. Create a fine-grained password policy and apply it to the HR Employees group.
C. Create a new GPO, with the necessary password policy, and link it to the HR Computers OU.
D. Create a fine-grained password policy and apply it to the HR Computers OU.
Your network contains an Active Directory domain. The domain contains a domain controller named DC1 that runs Windows Server 2008 R2 Service Pack 1 (SP1). You need to implement a central store for domain policy templates. What should you do? To answer, select the source content that should be copied to the destination folder in the answer area.
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. Server1 has a shared folder named Profiles.
You plan to create a new user template named User_Template. You need to ensure that when you copy User_Template, the new user account has a unique profile folder created in the Profiles share.
Which value should you specify for the profile path?
You deploy a certification authority (CA) named CA1. CA1 will be used to issue a large number of temporary certificates to provide users with access to public wireless access points (WAPs).
You create a certificate template named Template1. You enable the Do not store certificates and requests in the CA database option.
You need to configure CA1 to ensure that certificate requests and issued certificates for Template1 are not stored in the CA database.
Which command should you run?
A. certutil -setreg DBFlags +DBFLAGS_MAXCACHESIZEX100
B. certutil -setreg DBFlags +DBFLAGS_CREATEIFNEEDED
C. certutil -setreg DBFlags -DBFLAGS_LOGBUFFERSHUGE
D. certutil -setreg DBFlags +DBFLAGS_ENABLEVOLATILEREQUESTS
A user attempts to join a computer to the domain, but the attempt fails.
You need to ensure that the user can join fifty computers to the domain. You must ensure that the user is denied any additional rights beyond those required to complete the task. What should you do?
A. Prestage each computer account in the Active Directory domain.
B. Deploy a Group Policy Object (GPO) that modifies the user rights settings.
C. Add the user to the Domain Administrators group for one day.
D. Deploy a Group Policy object (GPO) that modifies the Restricted Groups settings.
A corporate network includes a single Active Directory Domain Services (AD DS) domain.
All regular user accounts reside in an organizational unit (OU) named Employees. All administrator accounts reside in an OU named Admins.
You need to ensure that any time an administrator modifies an employee’s name in AD DS, the change is audited. What should you
A. Use the Auditpol.exe command-line tool to enable the directory services access auditing subcategory.
B. Enable the Audit directory service access setting in the Default Domain Controllers Policy Group Policy Object.
C. Create a Group Policy Object with the Audit directory service access setting enabled and link it to the Employees OU.
D. Enable the Audit directory service access setting in the Default Domain Policy Group Policy Object.