Microsoft 70-640 Practice Test Question 10

Microsoft 70-640 Practice Test Question 10
Your company has an Active Directory domain. A user attempts to log on to a computer that was turned off for twelve weeks. The administrator receives an error message that authentication has failed. You need to ensure that the user is able to log on to the computer. What should you do?

A. Run the netsh command with the set and machine options.
B. Reset the computer account. Disjoin the computer from the domain, and then rejoin the computer to the domain.
C. Run the netdom TRUST /reset command.
D. Run the Active Directory Users and Computers console to disable, and then enable the computer account.

Answer: B
Explanation: To ensure that the administrator can log on to the computer, you should disjoin the computer from the domain and rejoin it again. Reset the computer account too. Due to long inactivity, the computer was not responding to the authentication query using the Active Directory records. So when you disjoin and rejoin the computer to the domain and reset the computer account, the Active Directory refreshes the computer account password. After that the administrator can easily log on to the computer.

Microsoft 70-640 Practice Test Question 9

Microsoft 70-640 Practice Test Question 9
You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do?

A. Import the enterprise root CA certificate.
B. Add the Server2 computer account to the CertPublishers group.
C. Configure the Authority Information Access (AIA) extension.
D. Configure the Certificate Revocation List Distribution Point extension.

Answer: C
Explanation: To configure online responder role service on S1, you should configure AIA extension. The authority information access extension indicates how to access CA information and services for the issuer of the certificate in which the extension appears. Information and services may include on-line validation services and CA policy data. (The location of CRLs is not specified in this extension; that information is provided by the cRLDistributionPoints extension.) This extension may be included in subject or CA certificates, and it MUST be non-critical

Microsoft 70-640 Practice Test Question 8

Microsoft 70-640 Practice Test Question 8
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available. What should you do?

A. Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.
B. Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
C. Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
D. Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.

Answer: C
Explanation: To ensure that the revoked certificate information is available at all, you should use the network load balancing and publish an OCSP responder. OCSP is an online responder that can receive a request to check for revocation of a certificate without the client having to download the entire CRL. This process speeds up certificate revocation checking and reduces network bandwidth used for this process. This can be helpful especially when such checking is down over slow WAN links.

Microsoft 70-640 Practice Test Question 7

Microsoft 70-640 Practice Test Question 7
Your network consists of an Active Directory forest that contains one domain named contoso.com. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have two Active Directory-integrated zones: contoso.com and nwtraders.com. You need to ensure a user is able to modify records in the contoso.com zone. You must prevent the user from modifying the SOA record in the nwtraders.com zone. What should you do?

A. From the Active Directory Users and Computers console, run the Delegation of Control Wizard.
B. From the Active Directory Users and Computers console, modify the permissions of the Domain Controllers organizational unit (OU).
C. From the DNS Manager console, modify the permissions of the contoso.com zone.
D. From the DNS Manager console, modify the permissions of the nwtraders.com zone.

Answer: C
Explanation: To allow the user to modify records in contoso.com and prevent him/her from modifying the SOA record in contoso.com zone, you should set the permissions of contoso.com through DNS Manager Console. You set the permissions for the users to modify the records in contoso.com. By setting permission on one Active directory-integrated zone, you will be preventing the users from modifying anything else on the other zones.

Microsoft 70-640 Practice Test Question 6

Microsoft 70-640 Practice Test Question 6
Your company has an Active Directory forest that runs at the functional level of Windows Server 2008. You implement Active Directory Rights Management Services (AD RMS). You install Microsoft SQL Server 2005. When you attempt to open the AD RMS administration Web site, you receive the following error message: "SQL Server does not exist or access denied." You need to open the AD RMS administration Web site. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Restart IIS.
B. Manually delete the Service Connection Point in AD DS and restart AD RMS.
C. Install Message Queuing.
D. Start the MSSQLSVC service.

Answer: A,D
Explanation: To rectify the SQL server problem, you have to restart the internet information server (IIS). The IIS server will be refreshed. Then you start the MSSQULSVC service to start the SQL server. This will enable you to access the database from AD RMS administration website.

Microsoft 70-640 Practice Test Question 5

Microsoft 70-640 Practice Test Question 5
Your company has an Active Directory domain. The company has two domain controllers named DC1 and DC2. DC1 holds the Schema Master role. DC1 fails. You log on to Active Directory by using the administrator account. You are not able to transfer the Schema Master operations role. You need to ensure that DC2 holds the Schema Master role. What should you do?

A. Configure DC2 as a bridgehead server.
B. On DC2, seize the Schema Master role.
C. Log off and log on again to Active Directory by using an account that is a member of the Schema Administrators group. Start the Active Directory Schema snap-in.
D. Register the Schmmgmt.dll. Start the Active Directory Schema snap-in.

Answer: B
Explanation: 

To ensure that DC2 holds the Schema Master role, you should seize the Schema Master role on DC2. Seizing the schema master role is a drastic step that should be considered only if the current operations master will never be available again. So to transfer the schema master operations role, you have to seize it on DC2.

Microsoft 70-640 Practice Test Question 4

Microsoft 70-640 Practice Test Question 4
Your company has a server that runs an instance of Active Directory Lightweight Directory Service (AD LDS). You need to create new organizational units in the AD LDS application directory partition. What should you do?

A. Use the dsmod OU <OrganizationalUnitDN> command to create the organizational units.
B. Use the Active Directory Users and Computers snap-in to create the organizational units on the AD LDS application directory partition.
C. Use the dsadd OU <OrganizationalUnitDN> command to create the organizational units.
D. Use the ADSI Edit snap-in to create the organizational units on the AD LDS application directory partition.

Answer: D
Explanation:
To create new OUs in the AD LDS application directory partition, you should use ADSI Edit snap-in. ADSI Edit is a snap-in that runs in a Microsoft Management Console (MMC). The default console containing ADSI Edit is AdsiEdit.msc. If this snap-in is not added in your MMC, you can do it by adding through Add/Remove Snap-in menu option in the MMC or you can open AdsiEdit.msc from a Windows Explorer.