[Jun 2016] transcender 70-640


♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for Microsoft 70-640 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 70-640 Exam Dumps (PDF & VCE):
Available on: http://www.certleader.com/70-640-dumps.html


70-640 Product Description:
Exam Number/Code: 70-640 vce
Exam name: TS: Windows Server 2008 Active Directory. Configuring
n questions with full explanations
Certification: Microsoft Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Microsoft 70-640 TS: Windows Server 2008 Active Directory. Configuring

70-640 examcollection

Exam Code: 70-640 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: TS: Windows Server 2008 Active Directory. Configuring
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-640 Exam.

2016 Jun 70-640 Study Guide Questions:

Q51. Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Server 2008 Standard. 

You need to install an enterprise subordinate certification authority (CA) that supports private key archival. 

You must achieve this goal by using the minimum amount of administrative effort. 

What should you do first? 

A. Initialize the Trusted Platform Module (TPM). 

B. Upgrade the member server to Windows Server 2008 R2 Standard. 

C. Install the Certificate Enrollment Policy Web Service role service on the member server. 

D. Run the Security Configuration Wizard (SCW) and select the Active Directory Certificate Services - Certification Authority server role template check box. 

Answer: B 

Explanation: 

Not sure about this one. See my thoughts below. 

to MS Press - Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) key archival 

is not available in the Windows Server 2008 R2 Standard edition, so that would leave out 

answer B. 


C:\Documents and Settings\usernwz1\Desktop\1.PNG 

Another dump gives the following for answer B: 

"Upgrade the menber [sic] server to Windows Server 2008 R2 Enterprise." 

Should the actual exam mention to upgrade to the Enterprise edition for answer B, I'd go 

for that. In this VCE it doesn't seem to make sense to go for B as it shouldn't work, I think. 

Certificate Enrollment Policy Web Service role of answer C was introduced in Windows 

Server 2008 R2, so that would not be an option on the mentioned Windows Server 2008 

machine. 

Trusted Platform Module is "a secure cryptographic integrated circuit (IC), provides a 

hardware-based approach to manage user authentication, network access, data protection 

and more that takes security to higher level than software-based security." 

(http://www.trustedcomputinggroup.org/resources/ 

how_to_use_the_tpm_a_guide_to_hardwarebased_endpoint_security/) 

Pfff... I'm bothered that answer B speaks of the Standard edition, and not the Enterprise 

edition. Hope the VCE is wrong. 


Q52. You have a Windows PowerShell script that contains the following code: 

import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true -AccountPassword $_. password} 

When you run the script, you receive an error message indicating that the format of the password is incorrect.The script fails. 

You need to run a script that successfully creates the user accounts by using the password contained in accounts.csv. 

Which script should you run? 

A. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword(ConvertTo-SecureString "Password" -AsPlainText -force)} 

B. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword(ConvertTo-SecureString $_.Password -AsPlainText -force)} 

C. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true -AccountPassword(Read-Host -AsSecureString "Password")} 

D. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword(Read-Host -AsSecureString $_.Password)} 

Answer: B 

Explanation: 

import-csv Accounts.csv | Foreach { New-ADUser -Name $_.Name -Enabled $true - AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force)} Personal comment: import comma separated values file (most probably containing a column for Name and one for Password) for each line of values create a new AD user with the name contained in the Name column enable the account and set the password with the value contained in the Password column; import the password from plain text as a secure string and ignore warnings/errors http://technet.microsoft.com/en-us/library/hh849818.aspx ConvertTo-SecureString 

Parameters -AsPlainText Specifies a plain text string to convert to a secure string. The secure string cmdlets help protect confidential text. The text is encrypted for privacy and is deleted from computer memory after it is used. If you use this parameter to provide plain text as input, the system cannot protect that input in this manner. To use this parameter, you must also specify the Force parameter. -Force Confirms that you understand the implications of using the AsPlainText parameter and still want to use it. 


Q53. Your company has a single Active Directory domain. All domain controllers run Windows Server 2003. 

You install Windows Server 2008 R2 on a server. 

You need to add the new server as a domain controller in your domain. 

What should you do first? 

A. On a domain controller run adprep /rodcprep. 

B. On the new server, run dcpromo /adv. 

C. On the new server, run dcpromo /createdcaccount. 

D. On a domain controller, run adprep /forestprep. 

Answer: D 

Explanation: 

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9931e32f-6302-40f0-a7a1-2598a96cd0c1/ DC promotion and adprep/forestprep 

Q: I've tried to dcpromo a new Windows 2008 server installation to be a Domain Controller, running in an existing domain. I am informed that, first, I must run adprep/forestprep ("To install a domain controller into this Active Directory forest, you must first perpare the forest using "adprep/forestprep". The Adprep utility is available on the Windows Server 2008 installation media in the Windows\sources\adprep folder" 

A1: 

You can run adprep from an existing Windows Server 2003 domain controller. Copy the 

contents of the \sources\adprep folder from the Windows Server 2008 installation DVD to 

the schema master role holder and run Adprep from there. 

A2: to introduce the first W2K8 DC within an AD forest.... 

 (1) no AD forest exists yet: 

--> on the stand alone server execute: DCPROMO 

--> and provide the information needed 

 (2) an W2K or W2K3 AD forest already exists: 

--> ADPREP /Forestprep on the w2k/w2k3 schema master (both w2k/w2k3 forests) 

--> ADPREP /rodcprep on the w2k3 domain master (only w2k3 forests) 

--> ADPREP /domainprep on the w2k3 infrastructure master (only w2k3 domains) 

--> ADPREP /domainprep /gpprep on the w2k infrastructure master (only w2k domains) 

--> on the stand alone server execute: DCPROMO 

--> and provide the information needed 


70-640  vce

Renew ms exam 70-640:

Q54. Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid. What should you do? 

A. Run syskey.exe and use the Update option. 

B. Run sigverif.exe and use the Advanced option. 

C. Run certutil.exe and specify the -verify parameter. 

D. Run certreq.exe and specify the -retrieve parameter. 

Answer: C 

Explanation: 

http://blogs.technet.com/b/pki/archive/2006/11/30/basic-crl-checking-with-certutil.aspx Basic CRL checking with certutil Certutil.exe is the command-line tool to verify certificates and CRLs. To get reliable verification results, you must use certutil.exe because the Certificate MMC Snap-In does not verify the CRL of certificates. A certificate might be wrongly shown in the MMC snap-in as valid but once you verify it with certutil.exe you will see that the certificate is actually invalid. 


Q55. HOTSPOT 

Your network contains an Active Directory forest named contoso.com. The forest contains two Active Directory sites named Seattle and Montreal. The Montreal site is a branch office that contains only a single read-only domain controller (RODC). 

You accidentally delete the site link between the two sites. 

You recreate the site link while you are connected to a domain controller in Seattle. 

You need to replicate the change to the RODC in Montreal. 

Which node in Active Directory Sites and Services should you use?To answer, select the 

appropriate node in the answer area. 


Answer: 



Q56. Your network contains an Active Directory domain. The domain contains 1,000 user accounts. 

You have a list that contains the mobile phone number of each user. You need to add the mobile number of each user to Active Directory. 

What should you do? 

A. Create a file that contains the mobile phone numbers, and then run ldifde.exe. 

B. Create a file that contains the mobile phone numbers, and then run csvde.exe. 

C. From Adsiedit, select the CN=Users container, and then modify the properties of the container. 

D. From Active Directory Users and Computers, select all of the users, and then modify the properties of the users. 

Answer: A 

Explanation: 

CSVDE can only import and export data from AD DS. 

http://technet.microsoft.com/en-us/library/cc732101.aspx Explanation: http://technet.microsoft.com/en-us/library/cc731033.aspx Ldifde Creates, modifies, and deletes directory objects. 


certleader.com

Validated microsoft.com 70-640:

Q57. Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 hosts a standard primary zone for contoso.com. 

You discover that non-domain member computers register records in the contoso.com zone. 

You need to prevent the non-domain member computers from registering records in the contoso.com zone. 

All domain member computers must be allowed to register records in the contoso.com zone. 

What should you do first? 

A. Configure a trust anchor. 

B. Run the Security Configuration Wizard (SCW). 

C. Change the contoso.com zone to an Active Directory-integrated zone. 

D. Modify the security settings of the %SystemRoot%\System32\Dns folder. 

Answer: C 

Explanation: 

http://technet.microsoft.com/en-us/library/cc772746%28v=ws.10%29.aspx Active Directory-Integrated Zones DNS servers running on domain controllers can store their zones in Active Directory. In this way, it is not necessary to configure a separate DNS replication topology that uses ordinary DNS zone transfers, because all zone data is replicated automatically by means of Active Directory replication. This simplifies the process of deploying DNS and provides the following advantages: Multiple masters are created for DNS replication. Therefore: Any domain controller in the domain running the DNS server service can write updates to the Active Directory–integrated zones for the domain name for which they are authoritative. A separate DNS zone transfer topology is not needed. Secure dynamic updates are supported. Secure dynamic updates allow an administrator to control which computers update which names, and prevent unauthorized computers from overwriting existing names in DNS 


Q58. Your network contains a single Active Directory domain. The domain contains five read-only domain controllers (RODCs) and five writable domain controllers. All servers run Windows Server 2008. 

You plan to install a new read-only domain controllerRODC that runs Windows Server 2008 R2. 

You need to ensure that you can add the new RODC to the domain.You want to achieve this goal by using the minimum amount of administrative effort. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. At the command prompt, run adprep.exe /rodcprep. 

B. At the command prompt, run adprep.exe /forestprep. 

C. At the command prompt, run adprep.exe /domainprep. 

D. From Active Directory Domains and Trusts, raise the functional level of the domain. 

E. From Active Directory Users and Computers, pre-stage the RODC computer account. 

Answer: B,C 


Q59. You have an enterprise root certification authority (CA) that runs Windows Server 2008 R2. 

You need to ensure that you can recover the private key of a certificate issued to a Web server. 

What should you do? 

A. From the CA, run the Get-PfxCertificate cmdlet. 

B. From the Web server, run the Get-PfxCertificate cmdlet. 

C. From the CA, run the certutil.exe tool and specify the -exportpfx parameter. 

D. From the Web server, run the certutil.exe tool and specify the -exportpfx parameter. 

Answer: D 

Explanation: 

http://technet.microsoft.com/en-us/library/ee449471%28v=ws.10%29.aspx 

Manual Key Archival Manual key archival can be used in the following common scenarios 

that are not supported by automatic key archival: 

Secure/Multipurpose Internet Mail Extensions (S/MIME) certificates used by Microsoft. 

Office Outlook. Certificates issued by CAs that do not support key archival. Certificates installed on the Microsoft Windows. 2000 and Windows Millennium Edition operating systems. This topic includes procedures for exporting a private key by using the following programs and for importing a private key to a CA database: Certutil.exe Certificates snap-in Microsoft Office Outlook 

To export private keys by using Certutil.exe 

1. Open a Command Prompt window. 

2. Type the Certutil.exe –exportpfx command using the command-line options described in 

the following table. 

Certutil.exe [-p <Password>] –exportpfx <CertificateId> <OutputFileName> 


C:\Documents and Settings\usernwz1\Desktop\1.PNG 


Q60. Your company has a single-domain Active Directory forest. The functional level of the domain is Windows Server 2008. 

You perform the following activities: 

Create a global distribution group. 

Add users to the global distribution group. 

Create a shared folder on a Windows Server 2008 member server. 

Place the global distribution group in a domain local group that has access to the shared 

folder. 

You need to ensure that the users have access to the shared folder. 

What should you do? 

A. Add the global distribution group to the Domain Administrators group. 

B. Change the group type of the global distribution group to a security group. 

C. Change the scope of the global distribution group to a Universal distribution group. 

D. Raise the forest functional level to Windows Server 2008. 

Answer: B 

Explanation: 

http://kb.iu.edu/data/ajlt.html In Microsoft Active Directory, what are security and distribution groups? In Microsoft Active Directory, when you create a new group, you must select a group type. The two group types, security and distribution, are described below: Security: Security groups allow you to manage user and computer access to shared resources. You can also control who receives group policy settings. This simplifies administration by allowing you to set permissions once on multiple computers, then to change the membership of the group as your needs change. The change in group membership automatically takes effect everywhere. You can also use these groups as email distribution lists. Distribution: Distribution groups are intended to be used solely as email distribution lists. These lists are for use with email applications such as Microsoft Exchange or Outlook. You can add and remove contacts from the list so that they will or will not receive email sent to the distribution group. You can't use distribution groups to assign permissions on any objects, and you can't use them to filter group policy settings. http://technet.microsoft.com/en-us/library/cc781446%28v=ws.10%29.aspx Group types 



see more TS: Windows Server 2008 Active Directory. Configuring