Braindumps of 70-640
TS: Windows Server 2008 Active Directory, Configuring
These are Guaranteed question for this exam. I only
used www.exams.ws guide and i was succedded.
Abc .com has an Active Directory forest that contains
a single domain named ad. Abc .com. All domain controllers
are configures as DNS servers and have Windows Server
2008 installed. The network has two Active directory-integrated
zones: Abc es.com and Abc ws.com. The company has instructed
you to make sure that a user is able to modify records
in Abc es.com while preventing the user to modify the
SOA record in Abc ws.com zone. What should you do to
achieve this task?
A. Modify the permissions of Abc es.com zone by accessing
the DNS Manager Console
B. Configure the user permissions on Abc es.com to include
all the users and configure the user permissions on
Abc ws.com to allow only the administrators group to
modify the records
C. Modify the permission of Abc ws.com zone by accessing
the DNS Manager Console
D. Modify the Domain Controllers organizational unit
by accessing the Active Directory Users and Computers
E. None of the above.
To allow the user to modify records in Abc es.com and
prevent him/her to modify the SOA record in Abc ws.com
zone, you should set the permissions of Abc es.com through
DNS Manager Console. You set the permissions for the
users to modify the records in Abc es.com. Since setting
permission on one Active directory-integrated zone,
you will be preventing the users to modify anything
else on the other zones.
Abc .com has an Active Directory Domain Controller.
All domain controllers are configured as DNS servers
and have Windows Server 2008 installed. Only one Active-Directory
integrated DNS zone is configured on the domain. You
have to make sure that outdated DNS records are removed
from the DNS zone automatically. What should you do
to achieve this task?
A. Modify the TTL of the SOA record by accessing the
B. Disable updates from the zone properties
C. Execute netsh/Reset DNS command from the Command
D. Enable Scavenging by accessing the zone properties
E. None of the above
To remove the outdated DNS records from the DNS zone
automatically, you should enable Scavenging through
Zone properties. Scavenging will help you clean up old
unused records in DNS. Since "clean up" really
means "delete stuff" a good understanding
of what you are doing and a healthy respect for "delete
stuff" will keep you out of the hot grease. Because
deletion is involved there are quite a few safety valves
built into scavenging that take a long time to pop.
When enabling scavenging, patience is required.
Abc .com has a single Active Directory domain. You have
configured all domain controllers in the network as
DNS servers and they run Windows Server 2008. A domain
controller named Abc1 has a standard Primary zone for
Abc .com and a domain controller named Abc2 has a standard
secondary zone for Abc .com. You have to make sure that
the replication of the Abc .com zone is encrypted so
you might not loose any zone data. What should you do
to achieve this task?
A. Create a stub zone and delete the secondary zone
B. Convert the primary zone into an active directory
zone and delete the secondary zone
C. Change the interface where DNS server listens on
D. On the standard primary zone, configure zone transfer
settings. After that modify the master servers lists
on the secondary zone
E. None of the above
To make sure that the replication of the Abc .com zone
is encrypted to prevent data loss. You should convert
the primary zone into an active directory zone and delete
the secondary zone
Abc .com has a main office and a branch office. All
servers in both offices run Windows Server 2008. The
offices are connected through a MAN link. Abc .com has
an Active Directory domain that hosts a single domain
called maks. Abc .com. There is a domain controller
in the maks. Abc .com domain called Abc1 . It is located
in the main office. You have configured Abc1 as a DNS
server for maks. Abc .com DNS zone. It is configured
as a standard primary zone. You are instructed to install
a new domain controller called Abc2 in the branch office.
After installing the domain controller, you install
DNS on Abc2 . You want to ensure that the DNS service
on Abc2 can update records and resolve DNS queries in
the event of a MAN link failure. What should you do
to achieve this objective?
A. Configure the DNS on Abc1 to forward requests to
B. Add a secondary zone named raks. Abc .com on Abc2
C. Convert maks. Abc .com on Abc1 to an Active Directory-integrated
D. Configure a new stub zone on Abc1 and set the forwarding
option to Abc2
To make sure that the DNS service on Abc2 can update
records and resolve DNS queries in the event of a MAN
link failure, you should convert maks. Abc .com on Abc1
to an Active Directory-integrated zone. Active Directory-integrated
DNS, offers two pluses over traditional zones. For one,
the fault tolerance built into Active Directory eliminates
the need for primary and secondary nameservers. Effectively,
all nameservers using Active Directory-integrated zones
are primary nameservers. This has a huge advantage for
the use of dynamic DNS as well: namely, the wide availability
of nameservers that can accept registrations. Recall
that domain controllers and workstations register their
locations and availability to the DNS zone using dynamic
DNS. In a traditional DNS setup, only one type of nameserver
can accept these registrations-the primary server, because
it has the only read/write copy of a zone. By creating
an Active Directory-integrated zone, all Windows Server
2008 nameservers that store their zone data in Active
Directory can accept a dynamic registration, and the
change will be propagated using Active Directory multimaster
Abc .com has a DNS server with 10 Active Directory Integrated
Zones. For auditing purposes, you have to provide copies
of the zone files of the DNS server to the security
audit group. What should you do to achieve this task?
A. Execute ntdsutil > Partition Management > Display
B. execute ipconfig/registerdns command
C. execute the dnscmd/ZoneExport command
D. Execute dnscmd/Zoneoutput command
Abc .com has a domain controller named EDC11 that runs
Windows Server 2008. It is configured as a DNS server
for Abc .com. You install the DNS server role on a member
server named S1 and after this; you create a standard
secondary zone for Abc .com. You configured EDC11 as
the master server for the zone. What should you do to
make sure that S1 receives zone updates from EDC11?
A. On Server1, add a conditional forwarder.
B. On DC1, modify the zone transfer settings for the
C. Add the Server1 computer account to the DNSUpdateProxy
D. On DC1, modify the permissions of contoso.com zone.
Abc .com has a network consisting of an Active Directory
forest named ebd.com. All servers have Windows Server
2008. All domain controllers are configured as DNS servers.
The ebd.com DNS zone is stored in ForestDnsZones Active
directory partition. A member server contains a standard
primary DNS zone for eb.ebd.com. You need to make sure
that all domain controllers can resolve names for eb.ebd.com.
What should you do to achieve this task?
A. Create a delegation in the ebd.com zone
B. Change the properties of SOA record in the eb.ebd.com
C. Add NS record in the ebd.com zone
D. Create a secondary zone on a Global catalog server
Abc .com has a main office and single branch office
in another state. With a single Active-Directory domain
forest, Abc .com has two domain controllers named Abc1
and Abc2 . Both of the domain controllers run Windows
Server 2008. The branch office has a Read-only domain
controller (RODC) named Abc3 . While all domain controllers
have DNS server role installed, they are configured
as Active-Directory-integrated zones. All DNS zones
are configured to allow secure updates only. You want
to enable dynamic DNS updates on Abc3 . What should
you do to achieve this task?
A. On DC1, create an active partition and configure
the partition to store Active Directory-integrated zones
B. Un-install the Active Directory Domain services on
Abc3 and reinstall it as a writeable domain controller
C. Reconfigure RODC on Abc3 to allow dynamic updates
D. Execute dnscmd/ZoneResetType command on Abc3
To enable the dynamic DNS updates on Abc3 , you should
uninstall the Active Directory Domain services on Abc3
and reinstall it as a writeable domain controller. A
writeable domain controller performs originating updates
and outbound replication.
Abc .com has a huge network that consists of an Active
Directory Forest containing a single domain. Windows
Server 2008 is installed on all domain controllers.
They are configured as DNS servers. Abc .com has an
active directory-integrated zone with two Active Directory
sites. Each site contains five domain controllers. You
added a new NS record to the zone. You have to make
sure that all domain controllers immediately receive
the new NS record. What should you do to achieve this
A. Execute repadmin/syncall from the command prompt
B. Reload the zone from the DNS Manager console
C. Create an SOA record from the DNS Manager console
D. Shutdown and then, restart the DNS server service
from services snap-in
Abc .com has an Active Directory domain named comm.
Abc .com. The domain contains two domain controllers
named Abc1 and Abc2 . Both have the DNS server role
installed. You install a new DNS server named ns. Abc
.com on the perimeter network. You configure Abc1 to
forward all unresolved name requests to ns. Abc .com.
But you discover that the DNS forward option is unavailable
on Abc2 . You have to configure DNS forwarding on Abc2
server to forward unresolved name requests to ns. Abc
.com server. Which of the following two actions should
you perform to achieve this task?
A. Clean the DNS cache on Abc2
B. configure conditional forwarding on Abc2
C. Delete the Root zone on Abc2
D. Add zone forwarding on Abc2
Abc .com has a domain controller that runs Windows Server
2008. It is configured as a DNS server. You have to
record all inbound DNS queries to the server. What should
you configure in the DNS Manager Console?
A. To log errors and warnings, configure event logging
B. Disable automatic logs for recursive queries
C. Enable automatic testing for recursive queries
D. Enable debug logging
Abc .com employs Windows Server 2008 Enterprise certificate
authority (CA) to issue certificates. You're instructed
to implement key archival. What should you do to achieve
A. On the server, archive the private key
B. Configure Hisecdc security template
C. Revoke the Enterprise subordinate CA and issue a
user certificate to users of the encrypted files
D. Configure the automatic enrollement for the computers
that store encrypted files
Abc .com has a main office and ten branch offices. It
has an Active Directory forest that hosts a single domain.
Each office has one domain controller and they are configured
as an Active Directory site. All sites are connected
with the DEFAULTIPSITELINK object. You have to decrease
the replication latency between the domain controllers.
What should you do to achieve this task?
A. Decrease the cost between the connection objects
B. Decrease the connection replication interval for
all connection objects
C. Decrease the replication interval for the DEFAULTIPSITELINK
D. Increase the replication interval for the DEFAULTIPSITELINK
Abc .com network consists of a single Active Directory
domain. Ten domain controllers are present in the domain.
All domain controllers run Windows Server 2008 and are
configured as DNS servers. You are instructed to create
a new Active Directory-integrated zone. You have to
make sure that the new zone is only replicated to four
of your domain controllers. What should you do first?
A. execute dnscmd/enlistdirectorypartition from the
B. Configure a delegation in the DomainDnsZones application
C. Configure a new delegation in the ForestDnsZones
application directory partition
D. Run dnscmd/createdirectorypartition from the command