83-640 - TS: Windows Server 2008 Active Directory, Configuring

Go back to Microsoft

Example Questions

Your company has an Active Directory domain. AlI servers run Windows Server 2008. Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available. What should you do? You are decommissioning domain controllers that hold all forest-wide operations master roles. You need to transfer all forest-wide operations master roles to another domain controller. Which two roles should you transfer? (Each correct answer presents part of the solution. Choose two.) Your company has an Active Directory forest. Each branch office has an organizational unit and a child organizational unit named Sales. The Sales organizational unit contains all users and computers of the sales department. You need to install an Office 2007 application only on the computers in the Sales organizational unit. You create a GPO named SalesApp GPO. What should you do next? You had installed Windows Server 2008 on a computer and configured it as a file server, named FileSrv1. The FileSrv1 computer contains four hard disks, which are configured as basic disks. For fault tolerance and performance you want to configure Redundant Array of Independent Disks (RAID) 0 +1 on FileSrv1. Which utility you will use to convert basic disks to dynamic disks on FileSrv1? Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com. The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone. You install a new domain controller named DC2 in the branch office. You install DNS on DC2. You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails. What should you do? Your company has a single Active Directory domain. AlI domain controllers run Windows Server 2003 You install Windows Server 2008 on a server. You need to add the new server as a domain controller in your domain.What should you do first? Your company has an Active Directory domain. All servers run Windows Server 2008. Your company runs an Enterprise Root certification authority (CA). You need to ensure that only administrators can sign code. Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.) You are an administrator at . has a RODC (read-only domain controller) server at a remote location. The remote location doesn't have proper physical security. You need to activate non-administrative accounts passwords on that RODC server. Which of the following action should be considered to populate the RODC server with non-administrative accounts passwords? Your company has a main office and three branch offices. The company has an Active Directory forest that has a single domain. Each office has one domain controller. Each office is configured as an Active Directory site. All sites are connected with the DEFAULTIPSITELINK object. You need to decrease the replication latency between the domain controllers. What should you do? Your company has a single Active Directory domain named intranet.contoso.com. All domain controllers run Windows Server 2008. The domain functional level and the forest functional level are set to Windows 2000 native mode. You need to ensure the UPN suffix for contoso.com is available for user accounts. What should you do first? You need to identify all failed logon attempts on the domain controllers. What should you do? has a domain controller that runs Windows Server 2008. The network boosts 40 Windows Vista client machines. As an administrator at , you want to deploy Active Directory Certificate service (AD CS) to authorize the network users by issuing digital certificates. What should you do to manage certificate settings on all machines in a domain from one main location? Your company has two Active Directory forests named contoso.com and fabrikam.com. Both forests run only domain controllers that run Windows Server 2008. The domain functional level of contoso.com is Windows Server 2008. The domain functional level of fabrikam.com is Windows Server 2003 Native mode. You configure an external trust between contoso.com and fabrikam.com. You need to enable the Kerberos AES encryption option. What should you do? Your network consists of a single Active Directory domain.? All domain controllers run Windows Server 2008. You need to identify the Lightweight Directory Access Protocol (LDAP) clients that are using the largest amount of available CPU resources on a domain controller. What should you do? com has a server with Active Directory Rights Management Services (AD RMS) server installed. Users have computers with Windows Vista installed on them with an Active Directory domain installed at Windows Server 2003 functional level. As an administrator at .com, you discover that the users are unable to benefit from AD RMS to protect their documents. You need to configure AD RMS to enable users to use it and protect their documents. What should you do to achieve this functionality? boosts a two-node Network Load Balancing cluster which is called web. CK1 .com. The purpose of this cluster is to provide load balancing and high availability of the intranet website only. With monitoring the cluster, you discover that the users can view the Network Load Balancing cluster in their Network Neighborhood and they can use it to connect to various services by using the name web. CK1 .com. You also discover that there is only one port rule configured for Network Load Balancing cluster. You have to configure web. CK1 .com NLB cluster to accept HTTP traffic only. Which two actions should you perform to achieve this objective? (Choose two answers. Each answer is part of the complete solution) Your company purchases a new application to deploy on 200 computers. The application requires that you modify the registry on each target computer before you install the application. The registry modifications are in a file that has an .adm extension. You need to prepare the target computers for the application. What should you do? You need to relocate the existing user and computer objects in your company to different organizational units. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) You have a domain controller named DC1 that runs Windows Server 2008. DC1 is configured as a DNS Server for contoso.com. You install the DNS Server role on a member server named Server1 and then you create a standard secondary zone for contoso.com. You configure DC1 as the master server for the zone. You need to ensure that Server1 recerves zone updates from DC1. What should you do? Your network consists of an Active Directory forest that contains one domain named contoso.com AlI domain controllers run Windows Server 2008 and are configured as DNS servers You have two Active Directory-integrated zones : contoso.com and nwtraders.com You need to ensure a user is able to modify records in the contoso.com zone. You must prevent the user from modifying the SOA record in the nwtraders.com zone What should you do? Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 The Audit account management policy setting and Audit directory services access setting are enabled for the entire domain. You need to ensure that changes made to Active Directory objects can be logged. The logged changes must include the old and new values of any attributes What should you do? Your company has an Active Directory domain. You log on to the domain controller. The Active Directory Schema snap-in is not available in the Microsoft Management Console (MMC). You need to access the Active Directory Schema snap-in. What should you do? Your company has an Active Directory forest. The forest includes organizational units corresponding to the following four locations. London Chicago New York Madrid Each location has a child organizational unit named Sales. The Sales organizational unit contains all the users and computers from the sales department. The offices in London, Chicago, and New York are connected by T1 connections. The office in Madrid is connected by a 256-Kbps ISDN connection. You need to install an application on all the computers in the sales department. Which two actions should you perform? (Each correct answer presents part of the solution Choose two.) Your company has a domain controller that runs Windows Server 2008. The server is a backup server. The server has a single 500-GB hard disk that has three partitions for the operating system, applications, and data. You perform daily backups of the server. The hard disk fails. You replace the hard disk with a new hard disk of the same capacity. You restart the computer on the installation media. You select the Repair your computer option. You need to restore the operating system and all files. What should you do? Your company has an Active Directory forest. The company has branch offices in three locations. Each location has an organizational unit. You need to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational units. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) com has servers on the main network that run Windows Server 2008. It also has two domain controllers. Active Directory services are running on a domain controller named CKDC1. You have to perform critical updates of Windows Server 2008 on CKDC1 without rebooting the server. What should you do to perform offline critical updates on CKDC1 without rebooting the server? has a main office and a branch office. 's network consists of a single Active Directory forest. Some of the servers in the network run Windows Server 2008 and the rest run Windows server 2003. You are the administrator at . You have installed Active Directory Domain Services (AD DS) on a computer that runs Windows Server 2008. The branch office is located in a physically insecure place. It has not IT personnel onsite and there are no administrators over there. You need to setup a Read-Only Domain Controller (RODC) on the Server Core installation computer in the branch office. What should you do to setup RODC on the computer in branch office? Your company has an Active Directory forest that contains only Windows Server 2003 domain controllers. You need to prepare the Active Directory domain to install Windows Server 2008 domain controllers. Which two tasks should you perform? (Each correct answer presents part of the solution Choose two.) is having an Active Directory Rights Management Service (AD RMS) server. Users machines are running Windows Vista and an Active Directory domain is configured at Microsoft Windows Server 2003 functional level. Users are complaining that they cannot protect their documents. You need to configure AD RMS so that users are able to protect their documents. What should you do? Critical services are running on CKD20, a domain controller. You have completed restructuring the organizational unit hierarchy for the domain and deleted the needless objects. What would you do to perform an offline defragmentation of the Active Directory database on CKD20 while ensuring that the critical services remain online? You are formulating the backup strategy for Active Directory Lightweight Directory Services (AD LDS) to ensure that data and log files are backed up regularly. This will also ensure the continued availability of data to applications and users in the event of a system failure. Because you have limited media resources, you decided to backup only specific ADLDS instance instead of taking backup of the entire volume. What should you do to accomplish this task? has a network that consists of a single Active Directory domain.Windows Server 2008 is installed on all domain controllers in the network. You are instructed to capture all replication errors from all domain controllers to a central location. What should you do to achieve this task? Your company has a main office and three branch offices. Each office is configured as a separate Active Directory site that has its own domain controller. You disable an account that has administratrve rights. You need to immediately replicate the disabled account information to all sites. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) You are an administrator at . has a network of 5 member servers acting as file servers. It has an Active Directory domain. You have installed a software application on the servers. As soon as the application is installed, one of the member servers shuts down itself. To trace and rectify the problem, you create a Group Policy Object (GPO). You need to change the domain security settings to trace the shutdowns and identify the cause of it. What should you do to perform this task? has organizational units in the Active Directory domain. There are 10 servers in the organizational unit called Security. As an administrator at , you generate a Group Policy Object (GPO) and link it to the Security organizational unit. What should you do to monitor the network connections to the servers in Security organizational unit? You need to remove the Active Directory Domain Services role from a domain controller named DC1. What should you do? Your company has an Actrve Directory forest that runs at the functional level of Windows Server 2008 You implement Actrve Directory Rights Management Services (AD RMS) You install Microsoft SOL Server 2005 When you attempt to open the AD RMS administration Web site, you recerve the following error message: "SOL Server does not exist or access denied" You need to open the AD RMS administration Web site Which two actions should you perform?(Each correct answer presents part of the solution Choose two.) One of the remote branch offices of branch is running a Windows Server 2008 having ready only domain controller (RODC) installed.For security reasons you don't want some critical credentials like (passwords, encryption keys) to be stored on RODC. What should you do so that these credentials are not replicated to any RODC's in the forest? (Select 2) You had installed an Active Directory Federation Services (AD FS) role on a Windows server 2008 in your organization. Now you need to test the connectivity of clients in the network to ensure that they can successfully reach the new Federation server and Federation server is operational. What should you do? (Select all that apply) You have two servers named Server1 and Server2. Both servers run Windows Server 2008. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do? You create 200 new user accounts. The users are located in six different sites. New users report that they receive the following error message when they try to log on: "The username or password is incorrect." You confirm that the user accounts exist and are enabled. You also confirm that the user name and password information supplied are correct. You need to identify the cause of the failure. You also need to ensure that the new users are able to log on Which utility should you run? You have a domain controller that runs Windows Server 2008 and is configured as a DNS server You need to record all inbound DNS queries to the server. What should you configure in the DNS Manager console? has a main office and 30 branch offices. To manage the network, each branch office has a separate active directory site that has a dedicated read-only domain controller (RODC). A branch office located in a far off location reports a robbery. The robbers have stolen the RODC server. Which utility should you do to recover the user accounts that were cached on the stolen RODC server? Your network consists of a single Active Directory domain. The functional level of the forest is Windows Server 2008. You need to create multiple password policies for users in your domain. What should you do? Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives. You need to apply desktop restrictions to the sales executives group. You must not apply these desktop restrictions to the sales managers group. You create a GPO named DesktopLockdown and link it to the Sales organizational unit. What should you do next? Your network consists of a single Active Directory domain All domain controllers run WIndows Server 2008. You need to capture all replication errors from all domain controllers to a central localion What should you do? Your company has a branch office that is configured as a separate Active Directory site and has an Actrve Directory domain controller. The Active Directory site requires a local Global Catalog server to support a new application. You need to configure the domain controller as a Global Catalog server. Which tool should you use? Your company has file servers located in an organizational unit named Payroll. The file servers contain payroll files located in a folder named Payroll. You create a GPO. You need to track which employees access the Payroll files on the file servers. What should you do? All consultants belong to a global group named TempWorkers. You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders. You need to record any failed attempts made by the consultants to access the confidential data. Which two actions should you perform? (Each correct answer presents part of the solution Choose two.) Your company hires 10 new employees. You want the new employees to connect to the main office through a VPN connection. You create new user accounts and grant the new employees the Allow Read and Allow Execute permissions to shared resources in the main office. The new employees are unable to access shared resources in the main office. You need to ensure that users are able to establish a VPN connection to the main office What should you do?