70-640 - TS: Windows Server 2008 Active Directory, Configuring

Example Questions

Your company has a domain controller server that runs the Windows Server 2008 R2 operating system. The server is a backup server. The server has a single 500-GB hard disk that has three partitions for the operating system, applications, and data. You perform daily backups of the server. The hard disk fails. You replace the hard disk with a new hard disk of the same capacity. You restart the computer on the installation media. You select the Repair your computer option. You need to restore the operating system and all files. What should you do?

A network contains an Active Directory forest. The forest schema contains a custom attribute for user objects. You need to view the custom attribute value of 500 user accounts in a Microsoft Excel table. Which tool should you use?

Your network contains an Active Directory-integrated DNS zone named contoso.com. You discover that the zone includes DNS records for computers that were removed from the network. You need to ensure that the DNS records are deleted automatically from the zone. What should you do?

Your company has a main office and three branch offices. The company has an Active Directory forest that has a single domain. Each office has one domain controller. Each office is configured as an Active Directory site. All sites are connected with the DEFAULTIPSITELINK object. You need to decrease the replication latency between the domain controllers. What should you do?

Your company has an Active Directory domain. A user attempts to log on to the domain from a client computer and receives the following message: "This user account has expired. Ask your administrator to reactivate the account." You need to ensure that the user is able to log on to the domain. What should you do?

Your network contains an Active Directory domain named contoso.com. A partner company has an Active Directory domain named nwtraders.com. The networks for contoso.com and nwtraders.com connect to each other by using a WAN link. You need to ensure that users in contoso.com can access resources in nwtraders.com and resources on the Internet. What should you do first?

You work as an administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network, including domain controllers, run Windows Server 2008 R2. The ABC.com network contains multiple domain controllers. Subsequent to making changes to the Active Directory schema, you execute the repadmin command with the /showrepl parameter. Which of the following describes the reason for executing this command?

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 hosts a standard primary zone for contoso.com. You discover that non-domain member computers register records in the contoso.com zone. You need to prevent the non-domain member computers from registering records in the contoso.com zone. All domain member computers must be allowed to register records in the contoso.com zone. What should you do first?

An Active Directory database is installed on the C volume of a domain controller. You need to move the Active Directory database to a new volume. What should you do?

Your network contains an Active Directory domain. You need to restore a deleted computer account from the Active Directory Recycle Bin. What should you do?

You have a Windows PowerShell script that contains the following code: import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true -AccountPassword $_.password} When you run the script, you receive an error message indicating that the format of the password is incorrect. You need to run a script that successfully creates the user accounts by using the password contained in accounts.csv. Which script should you run?

You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com with a perimeter network. All domain controllers on the ABC.com network run Windows Server 2008 R2 and function as DNS servers. There are two domain controllers named ABC-SR01 and ABC-SR02. During the course of the day you deploy an additional DNS server named ABC-SR03 to the perimeter network. You have later decided to configure ABC-SR01 to forward all unresolved requests to ABC-SR03. During your routine maintenance you discover that the DNS forward option is unavailable on ABC-SR02. ABC.com recently requested that you travel to the Paris office and configure DNS forwarding on ABC-SR02 so that unresolved name requests are forwarded to ABC-SR03. Which of the following actions should you take? (Choose two)

Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computers run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do?

Your network contains a single Active Directory domain. Client computers run either Windows XP Service Pack 3 (SP3) or Windows 7. All of the computer accounts for the client computers are located in an organizational unit (OU) named OU1. You link a new Group Policy object (GPO) named GPO10 to OU1. You need to ensure that GPO10 is applied only to client computers that run Windows 7. What should you do?

One of the remote branch offices is running a Windows Server 2008 read-only domain controller (RODC). For security reasons you don't want some critical credentials (such as passwords and encryption keys) to be stored on the RODC. What should you do so that these credentials are not replicated to any RODCs in the forest? (Select 2)

Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC). You need to identify the user accounts that can be cached on the RODC server. Which utility should you use?

You have a domain controller named DC1 that runs Windows Server 2008 R2. DC1 is configured as a DNS Server for contoso.com. You install the DNS Server role on a member server named Server1 and then you create a standard secondary zone for contoso.com. You configure DC1 as the master server for the zone. You need to ensure that Server1 receives zone updates from DC1. What should you do?

You have a client computer named Computer1 that runs Windows 7. On Computer1, you configure a source-initiated subscription. You configure the subscription to retrieve all events from the Windows logs of a domain controller named DC1. The subscription is configured to use the HTTP protocol. You discover that events from the Security log of DC1 are not collected on Computer1. Events from the Application log of DC1 and the System log of DC1 are collected on Computer1. You need to ensure that events from the Security log of DC1 are collected on Computer1. What should you do?

Your network contains an Active Directory domain. The domain contains five sites. One of the sites contains a read-only domain controller (RODC) named RODC1. You need to identify which user accounts can have their password cached on RODC1. Which tool should you use?

Your company has an Active Directory forest. Each regional office has an organizational unit (OU) named Marketing. The Marketing OU contains all users and computers in the region's Marketing department. You need to install a Microsoft Office 2007 application only on the computers in the Marketing OUs. You create a GPO named MarketingApps. What should you do next?

Your company has one main office and four branch offices. The main office contains a standard primary DNS zone named adatum.com. Each branch office contains a copy of the adatum.com zone. When records are added to the adatum.com zone, you discover that it takes up to one hour before the changes replicate to each zone in the branch offices. You need to minimize the amount of time it takes for the records to be updated in the branch offices. What should you do?

Your network consists of a single Active Directory domain. You have a domain controller and a member server that run Windows Server 2008 R2. Both servers are configured as DNS servers. Client computers run either Windows XP Service Pack 3 or Windows 7. You have a standard primary zone on the domain controller. The member server hosts a secondary copy of the zone. You need to ensure that only authenticated users are allowed to update host (A) records in the DNS zone. What should you do first?

Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit. You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit. You also need to ensure that the application is not deployed to users in the R&D organizational unit. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2. You perform a full backup of the domain controllers every night by using Windows Server Backup. You update a script in the SYSVOL folder. The new script fails to run properly. You need to restore the previous version of the script in the SYSVOL folder. The solution must minimize the amount of time required to restore the script. What should you do first?

Company has an Active Directory forest on a single domain. Company needs a distributed application that employs a custom application. The application is directory partition software named PARDAT. You need to implement this application for data replication. Which two tools should you use to achieve this task? (Choose two answers. Each answer is a part of a complete solution)

Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available. What should you do?

Your network contains an Active Directory domain. All servers run Windows Server 2008 R2. You need to audit the deletion of registry keys on each server. What should you do?

You have a domain controller named Server1 that runs Windows Server 2008 R2. You need to determine the size of the Active Directory database on Server1. What should you do?

ABC.com has a software evaluation lab. There is a server in the evaluation lab named CKT. CKT runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. CKT has 200 virtual servers running on an isolated virtual segment to evaluate software. To connect to the Internet, it uses a physical network interface card. ABC.com requires every server in the company to access the Internet. ABC.com security policy dictates that the IP address space used by the software evaluation lab must not be used by other networks. Similarly, it states that the IP address space used by other networks should not be used by the evaluation lab network. As an administrator you find that the applications tested in the software evaluation lab need to access the normal network to connect to the vendors' update servers on the Internet. You need to configure all virtual servers on the CKT server to access the Internet. You also need to comply with the company's security policy. Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution)

Your network contains an Active Directory domain named contoso.com. You plan to deploy a child domain named sales.contoso.com. The domain controllers in sales.contoso.com will be DNS servers for sales.contoso.com. You need to ensure that users in contoso.com can connect to servers in sales.contoso.com by using fully qualified domain names (FQDNs). What should you do?

Your company has an Active Directory forest that contains two domains. The forest has universal groups that contain members from each domain. A branch office has a domain controller named DC1. Users at the branch office report that the logon process takes too long. You need to decrease the amount of time it takes for the branch office users to log on. What should you do?

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain and 10 domain controllers. All of the domain controllers run Windows Server 2008 R2 Service Pack 1 (SP1). The forest contains an application directory partition named dc=app1,dc=contoso,dc=com. A domain controller named DC1 has a copy of the application directory partition. You need to configure a domain controller named DC2 to receive a copy of dc=app1,dc=contoso,dc=com. Which tool should you use?

Your network contains an Active Directory Rights Management Services (AD RMS) cluster. You have several custom policy templates. The custom policy templates are updated frequently. Some users report that it takes as many as 30 days to receive the updated policy templates. You need to ensure that users receive the updated custom policy templates within seven days. What should you do?

Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit. You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit. You also need to ensure that the application is not deployed to users in the R&D organizational unit. What are two possible ways to achieve this goal? (Choose two.)

Your network contains an Active Directory domain named contoso.com. The functional level of the forest is Windows Server 2008 R2. The Default Domain Controller Policy Group Policy object (GPO) contains audit policy settings. On a domain controller named DC1, an administrator configures the Advanced Audit Policy Configuration settings by using a local GPO. You need to identify what will be audited on DC1. Which tool should you use?

You have an Active Directory domain named contoso.com. You need to view the account lockout threshold and duration for the domain. Which tool should you use?

Your network contains an Active Directory domain. You need to activate the Active Directory Recycle Bin in the domain. Which tool should you use?

Greg is the network administrator for a company named ABC.com that operates an AD DS network consisting of a single domain. ABC.com executives have signed a long-term partnership agreement with another company that also operates an AD DS network. ABC.com users will require access to rights-protected confidential information that is stored on web servers located on the second company's network. Users in the second company will not require access to documents on the ABC.com network. Which of the following should Greg configure on the ABC.com network? (Each correct answer represents part of the solution. Choose two answers.)

Your network contains an Active Directory domain. The domain contains three domain controllers. One of the domain controllers fails. Seven days later, the help desk reports that it can no longer create user accounts. You need to ensure that the help desk can create new user accounts. Which operations master role should you seize?

A company has an Active Directory forest. You plan to install an offline Enterprise root certification authority (CA) on a server named CA1. CA1 is a member of the PerimeterNetwork workgroup and is attached to a hardware security module for private key storage. You attempt to add the Active Directory Certificate Services (AD CS) server role to CA1. The Enterprise CA option is not available. You need to install the AD CS server role as an Enterprise CA on CA1. What should you do first?

Your network contains an Active Directory domain named contoso.com. The domain has one Active Directory site. The domain contains an organizational unit (OU) named OU1. OU1 contains user accounts for 100 users and their managers. You apply a Group Policy object (GPO) named GPO1 to OU1. GPO1 restricts several desktop settings. The managers request that the desktop settings not be applied to them. You need to prevent the desktop settings in GPO1 from being applied to the managers. All other users in OU1 must have GPO1 applied to them. What should you do?

Your network contains a single Active Directory domain. The functional level of the forest is Windows Server 2008. The functional level of the domain is Windows Server 2008 R2. All DNS servers run Windows Server 2008. All domain controllers run Windows Server 2008 R2. You need to ensure that you can enable the Active Directory Recycle Bin. What should you do?

Your company uses shared folders. Users are granted access to the shared folders by using domain local groups. One of the shared folders contains confidential data. You need to ensure that unauthorized users are not able to access the shared folder that contains confidential data. What should you do?

Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives. You need to apply desktop restrictions to the sales executives group. You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit. What should you do next?

Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. Auditing is configured to log changes made to the Managed By attribute on group objects in an organizational unit named OU1. You need to log changes made to the Description attribute on all group objects in OU1 only. What should you do?

Your company has a main office and a branch office. The network contains an Active Directory forest. The forest contains three domains. The branch office contains one domain controller named DC5. DC5 is configured as a global catalog server, a DHCP server, and a file server. You remove the global catalog from DC5. You need to reduce the size of the Active Directory database on DC5. The solution must minimize the impact on all users in the branch office. What should you do first?

Your network contains 50 domain controllers that run Windows Server 2008 R2. You need to create a script that resets the Directory Services Restore Mode (DSRM) password on all of the domain controllers. The solution must NOT maintain passwords in the script. Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)

Your company has a main office and a branch office. The branch office contains a read-only domain controller named RODC1. You need to ensure that a user named Admin1 can install updates on RODC1. The solution must prevent Admin1 from logging on to other domain controllers. What should you do?

Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7. From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list. Which command should you run on each domain controller?
