This page was exported from Braindump2go Free Exam Dumps with PDF and VCE Collection [ https://www.mcitpdump.com ] Export date:Fri Mar 29 11:16:52 2024 / +0000 GMT ___________________________________________________ Title: Braindump2go New Updated 70-640 Exam Version With New Added Questions Free Download (101-110) --------------------------------------------------- New Braindump2go 70-640 Exam Questions Updated Today! Want to know New Questions in 2015 70-640 Exam? Download Free Braindump2go 70-640 Exam Preparation Materials Now! Vendor: Microsoft Exam Code: 70-640 Exam Name: TS: Windows Server 2008 Active Directory, Configuring QUESTION 101Your company has a main office and a branch office.The network contains an Active Directory domain.The main office contains a writable domain controller named DC1. The branch office contains a read- only domain controller (RODC) named DC2.You discover that the password of an administrator named Admin1 is cached on DC2. You need to prevent Admin1's password from being cached on DC2.What should you do? A.    Modify the NTDS Site Settings.B.    Modify the properties of the domain.C.    Create a Password Setting object (PSO).D.    Modify the properties of DC2's computer account. Answer: DExplanation:http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy%28v=ws.10%29.aspx QUESTION 102Your network contains an Active Directory domain named contoso.com. The network has a branch office site that contains a read-only domain controller (RODC) named RODC1. RODC1 runs Windows Server 2008 R2.A user named User1 logs on to a computer in the branch office site. You discover that the password of User1 is not stored on RODC1. You need to ensure that User1's password is stored on RODC1.What should you modify? A.    the Member Of properties of RODC1B.    the Member Of properties of User1C.    the Security properties of RODC1D.    the Security properties of User1 Answer: BExplanation:http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy%28v=ws.10%29.aspx QUESTION 103Your company has a main office and a branch office. The branch office has an Active Directory site that contains a read-only domain controller (RODC).A user from the branch office reports that his account is locked out. From a writable domain controller in the main office, you discover that the user's account is not locked out.You need to ensure that the user can log on to the domain.What should you do? A.    Modify the Password Replication Policy.B.    Reset the password of the user account.C.    Run the Knowledge Consistency Checker (KCC) on the RODC.D.    Restore network communication between the branch office and the main office. Answer: D QUESTION 104Your network contains a single Active Directory domain. The domain contains five read-only domain controllers (RODCs) and five writable domain controllers. All servers run Windows Server 2008. You plan to install a new RODC that runs Windows Server 2008 R2. You need to ensure that you can add the new RODC to the domain.You want to achieve this goal by using the minimum amount of administrative effort.Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A.    At the command prompt, run adprep.exe /rodcprep.B.    At the command prompt, run adprep.exe /forestprep.C.    At the command prompt, run adprep.exe /domainprep.D.    From Active Directory Domains and Trusts, raise the functional level of the domain.E.    From Active Directory Users and Computers, pre-stage the RODC computer account. Answer: CEExplanation: - During the first stage of the installation, the wizard records all the data about the RODC that will be stored in the distributed Active Directory database, including the read-only domain controller account name and the site in which it will be placed. This stage must be performed by a member of the Domain Admins group.- To create an RODC account by using the Windows interfaceClick Start, click Administrative Tools, and then click Active Directory Users and Computers.Double-click the domain container, then you can either right-click the Domain Controllers container or click the Domain Controllers container, and then click Action. Click Pre-create Read-only Domain Controller account QUESTION 105You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1.You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS.Which inbound TCP port should you allow on Server1? A.    88B.    135C.    443D.    445 Answer: C QUESTION 106You deploy a new Active Directory Federation Services (AD FS) federation server. You request new certificates for the AD FS federation server. You need to ensure that the AD FS federation server can use the new certificates. To which certificate store should you import the certificates? A.    ComputerB.    IIS Admin Service service accountC.    Local AdministratorD.    World Wide Web Publishing Service service account Answer: AExplanation:http://technet.microsoft.com/en-us/library/dd378922%28v=ws.10%29.aspx#BKMK_13 QUESTION 107Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the Active Directory Federation Services (AD FS) role installed.You have an application named App1 that is configured to use Server1 for AD FS authentication. You deploy a new server named Server2. Server2 is configured as an AD FS 2.0 server. You need to ensure that App1 can use Server2 for authentication.What should you do on Server2? A.    Add an attribute store.B.    Create a relying party trust.C.    Create a claims provider trust.D.    Create a relaying provider trust. Answer: BExplanation:http://technet.microsoft.com/en-us/library/dd807132%28v=ws.10%29.aspxhttp://blogs.msdn.com/b/card/archive/2010/06/25/using-federation-metadata-to-establish-a-relying-party-trustin-ad-fs-2-0.aspx QUESTION 108Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. The Active Directory Federation Services (AD FS) role is installed on Server1. Contoso.com is defined as an account store.A partner company has a Web-based application that uses AD FS authentication. The partner company plans to provide users from contoso.com access to the Web application. You need to configure AD FS on contoso.com to allow contoso.com users to be authenticated by the partner company.What should you create on Server1? A.    a new applicationB.    a resource partnerC.    an account partnerD.    an organization claim Answer: DExplanation:Since the account store has already been configured, what needs to be done is to use the account store to map an AD DS global security group to an organization claim (called group claim extraction). So that's what we need to create for authentication: an organization claim.Creating a resource/account partner is part of setting up the Federation Trust.http://technet.microsoft.com/en-us/library/dd378957.aspxConfiguring the Federation Servers[All the steps for setting up an AD FS environment are listed in an extensive step-by-step guide, too long to post here.]http://technet.microsoft.com/en-us/library/cc732147.aspxAdd an AD DS Account StoreIf user and computer accounts that require access to a resource that is protected by Active Directory Federation Services (AD FS) are stored in Active Directory Domain Services (AD DS), you must add AD DS as an account store on a federation server in the Federation Service that authenticates the accounts.http://technet.microsoft.com/en-us/library/cc731719.aspxMap an Organization Group Claim to an AD DS Group (Group Claim Extraction) When you use Active Directory Domain Services (AD DS) as the Active Directory Federation Services (AD FS) account store for an account Federation Service, you map an organization group claim to a security group in AD DS. This mapping is called a group claim extraction. QUESTION 109Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2.Server1 has the Active Directory Federation Services (AD FS) Federation Service role service installed.You plan to deploy AD FS 2.0 on Server2.You need to export the token-signing certificate from Server1, and then import the certificate to Server2.Which format should you use to export the certificate? A.    Base-64 encoded X.509 (.cer)B.    Cryptographic Message Syntax Standard PKCS #7 (.p7b)C.    DER encoded binary X.509 (.cer)D.    Personal Information Exchange PKCS #12 (.pfx) Answer: DExplanation:http://technet.microsoft.com/en-us/library/ff678038.aspxhttp://technet.microsoft.com/en-us/library/cc784075.aspx QUESTION 110Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has Active Directory Federation Services (AD FS) 2.0 installed. Server1 is a member of an AD FS farm. The AD FS farm is configured to use a configuration database that is stored on a separate Microsoft SQL Server.You install AD FS 2.0 on Server2.You need to add Server2 to the existing AD FS farm.What should you do? A.    On Server1, run fsconfig.exe.B.    On Server1, run fsconfigwizard.exe.C.    On Server2, run fsconfig.exe.D.    On Server2, run fsconfigwizard.exe. Answer: CExplanation:http://technet.microsoft.com/en-us/library/adfs2-help-how-to-configure-a-new-federation-server.aspx Thanks For Trying Braindump2go Latest Microsoft 70-640 Dumps Questions! Braindump2go Exam Dumps ADVANTAGES:? 100% Pass Guaranteed Or Full Money Back!? Instant Download Access After Payment!? One Year Free Updation!? Well Formated: PDF,VCE,Exam Software!? Multi-Platform capabilities – Windows, Laptop, Mac, Android, iPhone, iPod, iPad.? Professional, Quick,Patient IT Expert Team 24/7/3651 Onlinen Help You!? We served more than 35,000 customers all around the world in last 5 years with 98.99% PASS RATE!? Guaranteed Secure Shopping! Your Transcations are protected by Braindump2go all the time!? Pass any exams at the FIRST try!   http://www.braindump2go.com/70-640.html --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2015-04-14 06:52:24 Post date GMT: 2015-04-14 06:52:24 Post modified date: 2015-04-14 06:52:24 Post modified date GMT: 2015-04-14 06:52:24 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com