Your network contains an Active Directory domain. The domain contains four domain controllers. You create a new application directory partition. You need to ensure that the new application directory partition replicates to only three of the domain controllers. Which tool should you use?
A. Active Directory Administrative Center
Your network contains an Active Directory domain named contoso.com. All domain controllers run a Server Core installation of Windows Server 2008 R2. You need to identify which domain controller holds the PDC emulator role. Which tool should you run?
Your network contains an Active Directory forest. The forest contains two domains. The forest contains four domain controllers. The domain controllers are configured as shown in the following table.
All user accounts are located in the child.contoso.com domain. Users in the child.contoso.com domain are members of several security groups in the contoso.com domain. Your company decides to change the naming standard of user accounts. You rename all of the user accounts to comply with the new standard. You discover that the old user names are listed in the members’ list of the security groups in the contoso.com domain. You need to ensure that the members’ list of the security groups in the contoso.com domain displays the new user names. What should you do?
A. Transfer the PDC emulator role from DC2 to DC3.
B. Configure DC5 as a global catalog server.
C. Configure DC1 as a global catalog server.
D. Transfer the infrastructure master role from DC3 to DC2.
You are decommissioning a child domain. The child domain contains five operations master roles. You need to transfer the forest operations master roles to a newly installed domain controller in a different child domain. Which two domain operations master roles should you transfer? (Each correct answer presents part of the solution. Choose two.)
A. RID master
B. PDC emulator
C. Schema master
D. Domain naming master
E. Infrastructure master
Your network contains an Active Directory domain.
The domain contains a certification authority (CA).
The network contains several Layer 3 switches.
You need to ensure that the switches can request certificates from the CA.
Which role service should you deploy?
A. Network Device Enrollment Service
B. Windows Token-based Agent
C. Network Policy Server
D. Client Certificate Mapping Authentication
Your network contains an Active Directory forest named contoso.com. The forest contains an enterprise certification authority (CA). The enterprise CA is inaccessible from the internet.
You have a server named Server1 that runs Windows Server 2008 R2. Server1 is accessible from the Internet. Server1 can communicate with the enterprise CA.
You need to ensure that laptops that are joined to the domain can renew their certificates automatically from the Internet.
Which two role services should you install on Server1? (To answer, select the two appropriate role services in the answer area.)
Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2.
You configure Server1 as a standalone root certification authority (CA). You identify the following
requirements for the public key infrastructure (PKI):
– The root CA must be offline once the PKI is deployed.
– Users must be able to enroll for certificates automatically.
You need to configure Server2 to meet the PKI requirements. What should you configure on Server2?
A. A standalone subordinate CA
B. A standalone root CA
C. An enterprise subordinate CA
D. An enterprise root CA
Your network contains an Active Directory domain named contoso.com.
The aging and scavenging settings of the contoso.com zone are configured as shown in the exhibit. (Click the Exhibit button.)
To answer, complete each statement according to the information presented in the exhibit.
Your network contains an Active Directory domain named contoso.com. The domain contains three domain controllers named DC1, DC2 and DC3.
You need to create a zone named adatum.com that replicates between DC1 and DC2 only. The zone data for adatum.com must be writable on both DC1 and DC2.
Which three actions should you perform in sequence? (To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.)
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. The domain contains a domain controller named DC1. DC1 hosts an Active Directory-integrated zone for contoso.com.
You enable record scavenging for contoso.com by using the default settings. You configure scavenging to run every seven days.
After 30 days, you discover that some DNS records of computers that were removed from the network are still present in the contoso.com zone.
You need to ensure that the scavenging process can remove the stale records.What command should you run? (To answer, select the appropriate options in the answer area.)
Latest Microsoft 70-640 Study Materials with Discount PDF & VCE Files