Sie sind auf Seite 1von 163

Microsoft-70-640_formatted

Number: 000-000 Passing Score: 800 Time Limit : 120 min File Version: 1.0 Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Exam : Microsoft 70-640 Title : TS: Windows Server 2008 Active Directory, Configuring Version : V2.38

Exam A QUESTION 1 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a single Active Directory domain in the company network. Windows Server 2008 is run by all domain controllers that are configured as DNS Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----servers. A domain controller named DC01 has a standard primary zone for wiikigo.com. A domain controller named DC02 has a standard secondary zone for wiikigo.com. You have to make sure that the replication of the wiikigo.com zone is encrypted. You must not lose any zone data. So what action should you perform? A. The zone transfer settings of the standard primary zone should be configured. The Master Servers lists on the secondary zone should be modified. B. The interface that the DNS server listens on should be modified on both servers. C. The primary zone should be converted into an Active Directory-integrated zone. The secondary zone should be deleted. D. The primary zone should be converted into an Active Directory-integrated stub zone. The secondary zone should be deleted. Answer: C Section: (none) Explanation/Reference:

QUESTION 2 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an organizational unit named Production in your company. The Production organizational unit has a child organizational unit named R D. After a GPO named Software Deployment is created by you, you link it to the Production organizational unit. You create a shadow group for the R D organizational unit. You have to deploy an application to users in the Production organizational unit. You also need to make sure that the application is not deployed to users in the R D organizational unit. What are two possible ways to achieve this goal?

A. In order to achieve this goal, security filtering on the Software Deployment GPO should be configured to Deny Apply group policy for the R D security group. B. In order to achieve this goal, the Enforce setting should be configured on the software deployment GPO. C. In order to achieve this goal, the Block Inheritance setting should be configured on the R D organizational unit. D. In order to achieve this goal, the Block Inheritance setting should be configured on the Production organizational unit. Answer: AC Section: (none) Explanation/Reference:

QUESTION 3 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. You have a domain controller named DC01. Windows Server 2008 is run by this domain controller. DC01 is configured as a DNS server for wiikigo.com. You have the DNS Server server role installed on a member server which is named Server01 and then you create a standard secondary zone for wiikigo.com. DC01 is configured as the master server Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----for the zone. You have to make sure that Server01 receives zone updates from DC01. What action should you perform? A. B. C. D. The zone transfer settings for the wiikigo.com zone should be modified on DC01. The Server01 computer account should be added to the DNSUpdateProxy group. A conditional forwarder should be added on S01. The permissions of wiikigo.com zone should be modified on DC01.

Answer: A Section: (none) Explanation/Reference:

QUESTION 4 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There are two domain controllers named

DC01 and DC02 in your company. All domain and forest operations master roles are hosted by DC01. A problem occurred that DC01 fails. Since you are the technical support, you are required to reinstall the operating system to rebuild DC01. In addition, you are required to have all operations master roles rollbacked to their original state. A metadate cleanup is performed and all references of DC01 are removed. Which action should be performed to achieve the goal? (Choose three from the options below, and then put them in a correct order) 1 Operations master roles should be transferred from DC01 to DC02. 2 Operations master roles should be transferred from DC02 to DC01. 3 Operations master roles should be seized from DC01 to DC02. 4 Operations master roles should be seized from DC02 to DC01 5 DC01 should be rebuilt as a replica domain controller. 6 DC02 should be rebuilt as a domain controller. A. B. C. D. 3->5->2 3->6->1 4->5->2 4->6->1

Answer: A Section: (none) Explanation/Reference:

QUESTION 5 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in the company. Not all domain controllers in the forest are configured as Global Catalog Servers. One root domain and one child domain is contained in your domain structure. You modify the folder permissions on a file server that is in the child domain. You find that some Access Control entries start with S-1-5-21 and that Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

no account name is listed. You have to list the account names. So what action should you perform? A. The schema should be modified to enable replication of the friendlynames attribute to the Global Catalog. B. The RID master role in the child domain should be moved to a domain controller that holds the Global Catalog. C. The infrastructure master role in the child domain should be moved to a domain controller that does not hold the Global Catalog. D. The RID master role in the child domain should be moved to a domain controller that does not hold the Global Catalog. Answer: C Section: (none) Explanation/Reference:

QUESTION 6 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in the company. The forest includes organizational units corresponding to the following four locations: Paris, Huston, Denver, and Valencia. Each location has a child organizational unit named Sales. All the users and computers from the sales department are contained in the Sales organizational unit. The offices in Paris, Huston, and Denver are connected by T1 connections. The office in Valencia is connected by a 256-Kbps ISDN connection. According to the company requirement, you have to install an application on all the computers in the sales department. So what should you do? (Choose more than one) A. You should create a Group Policy Object (GPO) named OfficeInstall that assigns the application to the computers. The GPO should be linked to each Sales organizational unit. B. The slow link detection setting should be disabled in the Group Policy Object (GPO). C. The slow link detection threshold setting should be configured to 1,544 Kbps (T1) in the Group Policy Object (GPO). D. You should create a Group Policy Object (GPO) named OfficeInstall that assigns the application to users. The GPO should be linked to each Sales organizational unit. Answer: AB Section: (none) Explanation/Reference:

QUESTION 7 You work as a technology specialist in an international company named Wiikigo. Your major job is to

configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. The company has an Active Directory domain which is named ad.wiikigo.com. Luxware, Inc. has an Active Directory domain which is named intranet.luxware.com. The transfer of internal DNS zone data outside the Luxware network is prevented by Luxware security policy. According to the company requirement, you have to make sure that the Wiikkigo Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----users can resolve names from the intranet.luxware.com domain. So what action should you perform? A. In order to make sure of this, conditional forwarding for the intranet.luxware.com domain should be configured. B. In order to make sure of this, a new stub zone should be created for the intranet.luxware.com domain. C. In order to make sure of this, an Active Directoryintegrated zone should be created for the intranet.luxware. com domain. D. In order to make sure of this, a standard secondary zone should be created for the intranet.luxware.com domain. Answer: A Section: (none) Explanation/Reference:

QUESTION 8 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. In your company, there is an Active Directory domain named wiikigo.com. And there are two DNS servers named DNS01 and DNS02 on the company network. You can see the configuration of the DNS servers from the table below. It is reported by the Domain users who are configured to utilize DNS02 as the preferred DNS server that they cannot get access to Internet Web sites. Since you are the technical report, you are required to have Internet name resolution enabled for all client computers. Which action should be performed to achieve the goal?

A. To achieve the goal, the Cache.dns file should be updated on DNS02. And then, conditional forwarding should be configured on DNS01. B. To achieve the goal, the .(root) zone should be deleted from DNS02. And then, conditional forwarding should be set on DNS02. C. To achieve the goal, a copy of the .(root) zone should be created on DNS01. D. To achieve the goal, the list of root hints servers should be updated on DNS02. Answer: B Section: (none) Explanation/Reference:

QUESTION 9 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in the company. Only Windows Server 2003 domain controllers are contained in this forest. Now you receive an order from the company, you have to prepare the Active Directory domain to install Windows Server 2008 domain controllers. What action should you perform? (Choose more than one) A. B. C. D. The domain functional level should be raised to Windows Server 2008. The adprep /forestprep command should be run. The adprep /domainprep command should be run. The forest functional level should be raised to Windows Server 2008.

Answer: BC Section: (none) Explanation/Reference:

QUESTION 10 You work as a technology specialist in an international company named Wiikigo. Your major job is to

configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain named ad.wiikigo.com in your company. Two domain controllers named DC01 and DC02 are contained by the domain. The DNS Server server role is installed by the two domain controllers. A new DNS server named DNS01.wiikigo.com is installed on the perimeter network. DC01 is configured to forward all unresolved name requests to DNS01.wiikigo.com. A problem occurred that the DNS forwarding option cannot be used on DC02. Since you are the technical support, you are required to configure DNS forwarding on the DC02 server to point to the DNS01.wiikigo.com server. Which action should be performed to achieve the goal? (Choose more than one.) A. B. C. D. To achieve the goal, conditional forwarding on DC02 should be configured. To achieve the goal, the Listen On address on DC02 should be configured. To achieve the goal, the DNS cache on DC02 should be cleared. To achieve the goal, the Root zone on DC02 should be deleted.

Answer: AD Section: (none) Explanation/Reference:

QUESTION 11 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a domain controller in your company. Windows Server 2008 is run by the domain controller. In addition, the domain controller is configured as a DNS server. According to the company requirements, you are required to have all inbound DNS queries to the server recorded. Which action should be performed in the DNS Manager console? A. B. C. D. In the DNS Manager console, event logging should be configured to log errors and warnings. In the DNS Manager console, debug logging should be enabled. In the DNS Manager console, automatic testing for simple queries should be enabled. In the DNS Manager console, automatic testing for recursive queries should be enabled. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

Answer: B Section: (none)

Explanation/Reference:

QUESTION 12 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a server that runs Windows Server 2008 in your company. The company configures Active Directory Certificate Services (AD CS) as a stand-alone Certification Authority (CA) on the server. According to the company requirements, you are required to audit modifications to the CA configuration settings and the CA security settings. To achieve the goal, which tasks should be performed to achieve the goal? (Choose more than one.) A. To achieve the goal, auditing of successful and failed attempts should be enabled to write to files in the % SYSTEM32%\CertLog directory. B. To achieve the goal, the Audit object access setting should be enabled in the Local Security Policy for the Active Directory Certificate Services (AD CS) server. C. To achieve the goal, auditing in the Certification Authority snap-in should be configured. D. To achieve the goal, auditing of successful and failed attempts should be enabled to modify permissions on files in the %SYSTEM32%\CertSrv directory. Answer: BC Section: (none) Explanation/Reference:

QUESTION 13 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. Your network consists of an Active Directory forest named contoso.com. All servers run Windows Server 2008. All domain controllers are configured as DNS servers. The wiikigo.com DNS zone is stored in the ForestDnsZones Active Directory application partition. You have a member server that contains a standard primary DNS zone for dev.wiikigo.com. You have to make sure that all domain controllers can resolve names for dev.wiikigo.com. What action should you perform? A. The properties of the SOA record in the wiikigo.com zone should be modified. B. A NS record in the wiikigo.com zone should be created. C. A delegation in the wiikigo.com zone should be created.

D. A standard secondary zone on a Global Catalog server should be created. Answer: C Section: (none) Explanation/Reference:

QUESTION 14 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. The Active Directory Domain Services (AD DS) role and the Active Directory Lightweight Directory Services (AD LDS) role are installed on a server Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----named DC01.An AD LDS instsance named LDS01 has its data stored on the C: drive.Since you are the technical support, you are required to have the LDS01 instance relocated to the D: drive. To achieve the goal, which actions should be performed to achieve the goal? (choose three options and put them in a correct order) 1 The net stop ???Active Directory Domain Services??? command should be run. 2 The net stop LSD01 command should be run. 3 The Ntdsutil tool should be utilized to migrate the database files. 4 The xcopy command should be run to migrate the database files. 5 The net start LDS01 command should be run. 6 The net start ???Active Directory Domain Services??? command should be run. 7 The Windows Backup tool should be utilized to back up and recover the LDS01 instance to the D: drive. A. B. C. D. 2->3->6 3->2->5 7->3->4 1->3->5

Answer: A Section: (none) Explanation/Reference:

QUESTION 15 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There are two servers named S01 and S02. Windows Server 2008 is run by the two servers. The company configures S01 as an Enterprise Root certification authority (CA). The Online Responder role service is installed on S02. Since you are the technical support, you are required to configure S02 so as to have certificate revocation lists (CRLs) issued for the enterprise root CA. to achieve the goal, which action should be performed? (Choose more than one.) A. B. C. D. To achieve the goal, the Startup Type of the Certificate Propagation service should be set to Automatic. To achieve the goal, the enterprise root CA certificate should be imported. To achieve the goal, the OCSP Response Signing certificate should be imported. To achieve the goal, the S01 computer account should be added to the CertPublishers group.

Answer: BC Section: (none) Explanation/Reference:

QUESTION 16 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. One of the domain controllers in a child domain is being decommissioned. Since you are the technical support, you are required to move all domain operations master roles within the child domain to a newly installed domain controller, and the newly installed domain is in the same child domain. From the following five domain operations master roles, which Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----three should be moved to finish the task? (Choose more than one.) A. B. C. D. E. To finish the task, Domain naming master should be moved to a newly installed domain controller. To finish the task, RID master should be moved to a newly installed domain controller. To finish the task, PDC emulator should be moved to a newly installed domain controller. To finish the task, Schema master should be moved to a newly installed domain controller. To finish the task, Infrastructure master should be moved to a newly installed domain controller.

Answer: BCE

Section: (none) Explanation/Reference:

QUESTION 17 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. Now you receive an order from the company management, you are asked to make sure that users who enter three successive invalid passwords within 5 minutes are locked out for 5 minutes. So what should you do? (Choose more than one) A. B. C. D. E. F. The Enforce password history setting should be set to 3 passwords remembered. The Account lockout duration setting should be set to 5 minutes. The Minimum password age setting should be set to one day. The Maximum password age setting should be set to one day. The Reset account lockout counter after setting should be set to 5 minutes. The Account lockout threshold setting should be set to 3 invalid logon attempts.

Answer: BEF Section: (none) Explanation/Reference:

QUESTION 18 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. And only Windows Server 2003 domain controllers are contained by an Active Directory forest. Since you are the technical support, you are required to prepare the Active Directory domain so as to have Windows Server 2008 domain controllers installed. Which actions should be performed to achieve the goal? (Choose more than one.) A. B. C. D. To achieve the goal, the forest functional level should be raised to Windows Server 2008. To achieve the goal, the domain functional level should be raised to Windows Server 2008. To achieve the goal, the adprep /forestprep command should be run. To achieve the goal, the adprep /domainprep command should be run.

Answer: CD Section: (none) Explanation/Reference:

QUESTION 19 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Directory infrastructure and maintaining Active Directory objects. There is a head office and a branch office in your company. A single-domain Active Directory forest is contained by your company. Two domain controllers named DC01 and DC02 that run Windows Server 2008 are contained by the head office. And a Windows Server 2008 read-only domain controller (RODC) named DC03 is contained by the branch office. The DNS Server server role is held by all domain controllers which are configured as Active Directory-integrated zones. Only secure updates are permitted by the DNS zones. You should enable dynamic DNS updates on DC03. Which action should be performed to achieve the goal? A. To achieve the goal, a custom application directory partition should be created on DC01. and then, the partition should be configured to store Active Directory-integrated zones. B. To achieve the goal, the Ntdsutil.exe /DS Behavior commands should be run on DC03. C. To achieve the goal, the Dnscmd.exe /ZoneResetType command should be run on DC03. D. To achieve the goal, Active Directory Domain Services on DC03 should be reinstalled as a writable domain controller. Answer: D Section: (none) Explanation/Reference:

QUESTION 20 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in your company. A new domain controller is installed in the domain. It is reported by a few users that the domain cannot be logged on. According to the company requirements, the SRV records should be reregistered. On the new domain controller, which command should be run? A. On the new domain controller, the sc stop netlogon command should be run followed by the sc start netlogon command.

B. On the new domain controller, the netsh interface reset command should be run. C. On the new domain controller, the ipconfig /flushdns command should be run. D. On the new domain controller, the dnscmd /EnlistDirectoryPartition command should be run. Answer: A Section: (none) Explanation/Reference:

QUESTION 21 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. Now according to the company requirement, you are decommissioning domain controllers that hold all forest-wide operations master roles. According to the company requirement, all forest-wide operations master roles need to be transferred to another domain controller. Which two roles should you transfer? A. Infrastructure master should be transferred. B. Domain naming master should be transferred. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----C. RID master should be transferred. D. PDC emulator should be transferred. E. Schema master should be transferred. Answer: BE Section: (none) Explanation/Reference:

QUESTION 22 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. In the company, the default domain GPO is configured according to following account policy settings listed in the form. Microsoft SQL Server is installed on a computer named S01, and Windows Server 2008 is run by S01. A service account named SQLSer is utilized by the SQL Server application.

Domain user rights are given to the SQLSer account. The SQL Server computer functions properly at the beginning. However, it fails to run after several months. You find that the SQLSer user account is not locked out. Since you are the technical support, you are required to solve the problem of the server failure and stop the reappearance of the failure. What should be done to achieve the goal? (Choose more than one.)

A. To achieve the goal, the properties of the SQLSer account should be configured to User cannot change password. B. To achieve the goal, the local security policy on S01 should be configured to explicitly grant the SQLSer user account the Allow logon locally user right. C. To achieve the goal, the password of the SQLSer user account should be reset. D. To achieve the goal, the local security policy on S01 should be configured to grant the Logon as a service right on the SQLSeruser account. E. To achieve the goal, the properties of the SQLSer account should be configured to Password never expires. Answer: CE Section: (none) Explanation/Reference:

QUESTION 23 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a domain controller named DC01 Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----that runs Windows Server 2008 in your company. And the company configures DC01 as a DNS server for wiikigo.com. The DNS Server server role is installed on a member server named S01 and then a standard secondary zone is created for wiikigo.com. DC01 is configured as the master server for the zone. You should make sure that zone updates can be received by S01 from DC01. Which action should be

performed to achieve the goal? A. B. C. D. On DC01, the zone transfer settings for the wiikigo.com zone should be changed. The S01 computer account should be added to the DNSUpdateProxy group. On S01, a conditional forwarder should be added. On DC01, the permissions of wiikigo.com zone should be changed.

Answer: A Section: (none) Explanation/Reference:

QUESTION 24 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a server in your company. And an instance of Active Directory Lightweight Directory Services (AD LDS) is run by the server. According to the company requirements, you should have new organizational units created in the AD LDS application directory partition. Which action should be performed to achieve the goal? A. You should create the organizational units by utilizing the dsmod OU <OrganizationalUnitDN> command. B. You should create the organizational units on the AD LDS application directory partition by utilizing the Active Directory Users and Computers snap-in. C. You should create the organizational units on the AD LDS application directory partition by utilizing the ADSI Edit snap-in. D. You should create the organizational units by utilizing the dsadd OU <OrganizationalUnitDN> command. Answer: C Section: (none) Explanation/Reference:

QUESTION 25 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. A single Active Directory domain is contained by your network. There is a domain controller and a member server, and Windows Server 2008 is run by the server. The company configures both servers as DNS servers. Either Windows XP Service Pack 2 or Windows Vista Client is run by computers. There is a standard primary zone on the domain controller. A

secondary copy of the zone is hosted by the member server. According to the company requirements, you should make sure that host (A) records in the DNS zone can only be permitted only by authenticated users. Which action should be performed first? A. All computer accounts should be added to the DNSUpdateProxy group. B. The standard primary zone should be converted to an Active Directory-integrated zone. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----C. On the member server, a conditional forwarder should be added. D. On the member server, Active Directory Domain Services should be installed. Answer: B Section: (none) Explanation/Reference:

QUESTION 26 Which of the following are required to create a domain controller successfully? (Choose all that apply.) A. B. C. D. A valid DNS domain name A valid NetBIOS name A DHCP server to assign an IP address to the domain controller A DNS server

Answer: AB Section: (none) Explanation/Reference:

QUESTION 27 You are hired as the network administrator in your company. All the servers in your company run windows 2008. The network of your company consists of a single Active Directory domain. There are two Active Directory-integrated zones named CO1.com and CO2.com in the domain. All domain controllers are configures as DNS servers. The company has instructed you to make sure that a user is able to modify records in Hi-tech es.com while preventing the user to modify the SOA record in CO2.com zone. What should you do to achieve this task? A. Modify the permissions of CO1.com zone by accessing the DNS Manager Console B. Configure the user permissions on CO1.com to include all the users and configure the user permissions on CO2.com to allow only the administrators group to modify the records

C. Modify the permission of CO2.com zone by accessing the DNS Manager Console D. Modify the Domain Controllers organizational unit by accessing the Active Directory Users and Computers console. Answer: A Section: (none) Explanation/Reference:

QUESTION 28 You are the administrator for a nationwide company with over 5,000 employees. Your main office has approximately 4,500 employees, there are ten remote offices in the company. Each remote office has 50 users. Usually, you are not clear about the physical security at these offices. However, since there is a fairly sizable amount of users at each office, you must provide them with directory services. What is the BEST option to use for directory services when security is often an unknown? A. B. C. D. Lightweight Directory Services Read-only domain controllers Active Directory Federation Services Active Director Rights Management Services

Answer: B Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 29 Trey Research has recently acquired Litware, Inc. Because of regulatory issues related to data replication, it is decided to configure a child domain in the forest for Litware users and computers. The Trey Research forest currently contains only Windows Server 2008 domain controllers. The new domain will be created by promoting a Windows Server 2008 domain controller, but you might need to use existing Windows Server 2003 systems as domain controllers in the Litware domain. Which functional levels will be appropriate to configure? A. Windows Server 2008 forest functional level and Windows Server 2008 domain functional level for the Litware domain B. Windows Server 2008 forest functional level and Windows Server 2003 domain functional level for the Litware domain

C. Windows Server 2003 forest functional level and Windows Server 2008 domain functional level for the Litware domain D. Windows Server 2003 forest functional level and Windows Server 2003 domain functional level for the Litware domain Answer: D Section: (none) Explanation/Reference:

QUESTION 30 You are hired as the network administrator in your company. In your company there are two servers named server01 and server02 that runs Windows Server 2008. servers named Hi-tech A and Hi-tech B. DNS servers are configured as shown in the table: Domain users are unable to connect to the Internet website using Hi-tech B because it is configured as a preferred DNS server. You have to enable Internet name resolution for all client computers. What should you do to achieve this task?

A. B. C. D.

Delete the .(root) zone from Hi-tech B. Configure conditional forwarding on Hi-tech B. Update the Cache.dns file on Hi-tech B. Configure conditional forwarding on Hi-tech A. Create a copy of the .(root) zone on Hi-tech A. Update the list of root hints servers on Hi-tech B.

Answer: A Section: (none) Explanation/Reference:

QUESTION 31 You are logged on as Administrator to SERVER02, one of four domain controllers in the hi-tech.com domain that run Server Core. You want to demote the domain controller. Which of the following is required? Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

A. B. C. D.

The local Administrator password The credentials for a user in the Domain Admins group The credentials for a user in the Domain Controllers group The address of a DNS server

Answer: A Section: (none) Explanation/Reference:

QUESTION 32 Hi-tech .com has an Active Directory domain called es. Hi-tech .com. Hi-tech .com has a subsidiary company named Woksworks Inc. Woksworks Inc. has an Active Directory domain called intranet.woksworks.com. Since woksworks Inc. security policy doesn't allow the transfer of internal DNS zone data outside the woksworks network, you have to make sure that Hi-tech .com users are able to resolve names from intranet.woksworks.com domain. What should you do to achieve this task? A. B. C. D. Set the conditional forwarding for the intranet.woksworks.com domain Put intranet.woksworks.com in the Active Directory of Hi-tech .com Create a subzone for the intranet.woksworks.com domain Reconfigure the intranet.woksworks.com domain as a standard secondary zone

Answer: A Section: (none) Explanation/Reference:

QUESTION 33 You are the administrator for a nationwide company with over 5,000 employees. Your director tells you your company has just signed into a partnership with another organization, and that you will be responsible for ensuring that authentication can occur between both organizations without the need for additional sign-on accounts. Your boss mentions that the partner has a variety of Directory Services installed throughout their organizations. Which of the following can Active Directory Federation Services NOT connect to? A. B. C. D. Lightweight Directory Services Windows Server 2003 Directory Services Windows Server 2003 R2 Directory Services All of the above

Answer: B Section: (none) Explanation/Reference:

QUESTION 34 SERVER02 is running Server Core. It is already configured with the AD DS role. You want to add Active Directory Certificate Services (AD CS) to the server. What must you do? A. B. C. D. Install the Active Directory Certificate Services role. Install the Active Directory Federated Services role. Install the AD RMS role. Reinstall the server as Windows Server 2008 (Full Installation).

Answer: D Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 35 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There are two Active Directory forests in your company, and they are respectively named wiikigo.com and cosoto.com. Only domain controllers are run by both forests, and Windows Server 2008 is run by the domain controller. The domain functional level of wiikigo.com is Windows Server 2008. You can see that the domain functional level of cosoto.com is Windows Server 2003 Native mode. An external trust is configured between wiikigo.com and cosoto.com. Since you are the technical support, you are required to enable the Kerberos AES encryption option. To achieve the goal, which action should be performed to achieve the goal? A. B. C. D. To achieve the goal, the forest functional level of cosoto.com should be raised to Windows Server 2008. To achieve the goal, the domain functional level of cosoto.com should be raised to Windows Server 2008. To achieve the goal, a new forest trust should be created and forest-wide authentication should be enabled. To achieve the goal, the forest functional level of wiikigo.com should be raised to Windows Server 2008.

Answer: B Section: (none)

Explanation/Reference:

QUESTION 36 Hi-tech .com has two Active Directory forests named Hi-tech.com and vervoks.com. The company network has three DNS servers named Hi-tech A, Hi-tech B, and Hi-tech C. The DNS servers are configured as shown in the table: All computers that belong to the vervoks.com domain have Hi-tech C configured as the preferred DNS server. All other computers use Hi-tech A as the preferred DNS server. Users from the acme.com domain are unable to connect to the servers that belong to the Hi-tech .com domain. You need to ensure users in the acme.com domain are able to resolve all Hi-tech .com queries. What should you do to achieve this task?

A. B. C. D.

Create a copy of the _msdcs.Hi-tech.com zone on the Hi-tech C server. Configure conditional forwarding on Hi-tech A and Hi-tech B to forward vervoks.com queries to Hi-tech C. Configure conditional forwarding on Hi-tech C to forward Hi-tech .com queries to Hi-tech A. Create a copy of the vervoks.com zone on the Hi-tech A server and the Hi-tech B server.

Answer: C Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 37 You are a support professional for Hi-tech, Ltd. The domain's administrators have distributed a custom console with the Active Directory Users and Computers snap-in. When you open the console and attempt to reset a user's password, you receive Access Denied errors. You are certain that you have been delegated permission to reset passwords for users. What is the best solution? A. Close the custom console and open Server Manager. Use the Active Directory Users and Computers snapin in Server Manager. B. Close the custom console and open a command prompt. Type dsa.msc.

C. Close the custom console, and then right-click the console and choose Run As Administrator. Type the credentials for your secondary administrative account. D. Close the custom console, and then right-click the console and open a command prompt. Use the DSMOD USER command with the -p switch to change the user's password. Answer: C Section: (none) Explanation/Reference:

QUESTION 38 You are hired as the network administrator in your company. In your company there's a server named Server01 that runs Windows Server 2008. You company has an Active Directory forest with single domain. Server01 works as the Domain Controller with Active Directory Federation Services (AD FS) role installed. Server01 is configured as a DNS server. You have to record all inbound DNS queries to server01. What should you do? A. B. C. D. In the DNS Manager Console Enable automatic testing for simple queries. In the DNS Manager Console Enable debug logging. In the DNS Manager Console Configure event logging to log errors and warnings. In the DNS Manager Console Enable automatic testing for recursive queries.

Answer: B Section: (none) Explanation/Reference:

QUESTION 39 You are the administrator for a nationwide company with over 5,000 employees. Your main office has approximately 4,500 employees, while your company's ten remote offices have 50 users each residing in them. You are often unaware of the physical security in place at these offices. However, since there is a fairly sizable amount of users at each office, you need to provide them with directory services. What is the BEST option to use for directory services when security is often an unknown? A. B. C. D. Lightweight Directory Services Read-only domain controllers Active Directory Federation Services Active Director Rights Management Services

Answer: B Section: (none) Explanation/Reference:

QUESTION 40 You have opened a command prompt, using Run As Administrator, with credentials in the Domain Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Admins group. You use the Dsrm command to remove an OU that had been created accidentally by James, a member of the Administrators group of the domain. You receive the response: Dsrm Failed: Access Is Denied. What is the cause of the error? A. B. C. D. You must launch the command prompt as a member of Administrators to perform Active Directory tasks. Only Administrators can delete OUs. Only the owner of the OU can delete an OU. The OU is protected from deletion.

Answer: D Section: (none) Explanation/Reference:

QUESTION 41 You are hired as the network administrator in your company. All servers in your company run Windows Server 2008. The company has a single Active Directory domain. Server01 and Server02 work as the domain controllers with DNS server role installed. You plan to install a new DNS server named Server03 on the perimeter network. Server01 is configured to forward all unresolved name requests to Server03. You discover that the DNS forwarding option is unavailable on Server02. You need to configure DNS forwarding on the Server02 to point to the Server03. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. B. C. D. Clear the DNS cache on Server02. Delete the Root zone on Server02. Configure the Listen On address on Server02. Configure conditional forwarding on Server02.

Answer: BD Section: (none) Explanation/Reference:

QUESTION 42 You want to enable your help desk to reset user passwords and unlock user accounts. Which of the following tools can be used? (Choose all that apply.) A. B. C. D. The Delegation of Control Wizard DSACLS DSUTIL The Advanced Security Settings dialog box

Answer: ABD Section: (none) Explanation/Reference:

QUESTION 43 You are hired as the network administrator in your company. Your company has an Active Directory forest. All domain controllers run Windows Server 2008 and are configured as DNS servers. You have an Active Directory-integrated zone for Hi-tech .com. You have a Unix-based DNS server. You need to configure your Windows Server 2008 environment to allow zone transfers of the Hi-tech .com zone to the Unix-based DNS server. What should you do in the DNS Manager console? A. Create a secondary zone. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----B. Enable BIND secondaries. C. Disable recursion. D. Create a stub zone. Answer: B Section: (none) Explanation/Reference:

QUESTION 44 The Web development team has requested that you implement a new Web server in a DMZ that will be used for presenting Web sites to customers. Which of the following is NOT a reason for using Windows Server 2008 Core Server? A. A Core installation does not require a Windows Server 2008 license. B. A Core installation does not provide GUIs, which limits console access.

C. Core Server installs fewer services than a full installation of Windows Server 2008. D. Core Server uses fewer resources than a full installation of Windows Server 2008. Answer: A Section: (none) Explanation/Reference:

QUESTION 45 You are an administrator at a large university, and you have just been sent an Excel file containing information about 2,000 students who will enter the school in two weeks. You want to create user accounts for the new students with as little effort as possible. Which of the following tasks should you perform? A. B. C. D. Create a user account template and copy it for each student. Run LDIFDE -i. Use CSVDE -i. Run the DSADD USER command.

Answer: C Section: (none) Explanation/Reference:

QUESTION 46 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in your company. Windows Server 2008 is run by all servers. An Enterprise Root certification authority (CA) and an Enterprise Intermediate CA is used by your company. The Enterprise Intermediate CA certificate expires. According to the company requirement, a new Enterprise Intermediate CA certificate needs to be deployed to all computers in the domain. So What action should you perform? A. The new certificate should be imported into the Intermediate Certification Store in the Default Domain group policy object. B. The new certificate should be imported into the Intermediate Certification Store on the Enterprise Root CA server.

C. The new certificate should be imported into the Intermediate Certification Store on the Enterprise Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Intermediate CA server. D. The new certificate should be imported into the Intermediate Certification Store in the Default Domain Controllers group policy object. Answer: A Section: (none) Explanation/Reference:

QUESTION 47 You are hired as the network administrator in your company. Your company network consists of a single Active Directory domain. Ten domain controllers are present in the domain. All domain controllers run Windows Server 2008 and are configured as DNS servers. You are instructed to create a new Active Directory-integrated zone. You have to make sure that the new zone is only replicated to four of your domain controllers. What should you do first? A. B. C. D. execute dnscmd/enlistdirectorypartition from the command prompt Configure a delegation in the DomainDnsZones application directory partition Configure a new delegation in the ForestDnsZones application directory partition Run dnscmd/createdirectorypartition from the command prompt

Answer: D Section: (none) Explanation/Reference:

QUESTION 48 You are an administrator at a large university. Which command can be used to delete user accounts for students who graduated? A. B. C. D. LDIFDE Dsmod DEL CSVDE

Answer: A Section: (none) Explanation/Reference:

QUESTION 49 You have a Windows Server 2003 R2 domain currently running in your organization. You would like to install a read-only domain controller into your Directory Services structure, but you do not want to completely upgrade your domain to Windows Server 2008 Directory Services just yet. What do you need to do in order to add an RODC? A. B. C. D. Change the domain functional level to Windows Server 2008 mixed mode. Change the forest functional level to Windows Server 2008 mixed mode. Run adprep on a Windows Server 2003 R2 domain controller. An RODC cannot be added until the entire domain is a Windows Server 2008 Directory Services domain.

Answer: C Section: (none) Explanation/Reference:

QUESTION 50 Hi-tech .com has a single Active Directory domain called int. Hi-tech .com. You have installed domain Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----controllers with a DNS server role. The domain controllers run Windows Server 2008. Every computer in the domain and non-domain members, register their DNS records dynamically. You want only the domain members to register their DNS records dynamically. What should you do to configure int. Hi-tech .com? A. B. C. D. Configure zone transfers to Name Servers Set the Primary DNS server to register authenticated members only Disable Everyone group in the Dynamic Objects permission Set the option Secure only for Dynamic updates

Answer: D Section: (none) Explanation/Reference:

QUESTION 51 You want to create a user object with Windows PowerShell. Which of the following must you do? A. Use the Create-User cmdlet. B. Use the NewUser method of ADSI.

C. Invoke the Create method of an OU. D. Use the set objUser=CreateObject statement. Answer: C Section: (none) Explanation/Reference:

QUESTION 52 You are hired as the network administrator in your company. Your company has a network consisting of an Active Directory forest named ebd.com. All servers have Windows Server 2008. All domain controllers are configured as DNS servers. The ebd.com DNS zone is stored in ForestDnsZones Active directory partition. A member server contains a standard primary DNS zone for eb.ebd.com. You need to make sure that all domain controllers can resolve names for eb.ebd.com. What should you do to achieve this task? A. B. C. D. Create a delegation in the ebd.com zone Change the properties of SOA record in the eb.ebd.com zone Add NS record in the ebd.com zone Create a secondary zone on a Global catalog server

Answer: A Section: (none) Explanation/Reference:

QUESTION 53 You want to create a user object with a single command. Which of the following should you do? A. B. C. D. Use the Create-Item cmdlet. Use the SetInfo method. Use the Create method of an OU. Use the Dsadd command.

Answer: D Section: (none) Explanation/Reference:

QUESTION 54 You are hired as the network administrator in your company. In your company there's a server named Server01 that runs Windows Server 2008. Server01 works as a Domain Controller is configured as DNS Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com

Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----server in a single Active Directory domain. The domain contains one Active Directory-integrated DNS zone. You have to make sure that outdated DNS records are removed from the DNS zone automatically. What should you do to achieve this task? A. B. C. D. Modify the TTL of the SOA record by accessing the zone properties Disable updates from the zone properties Execute netsh/Reset DNS command from the Command prompt Enable Scavenging by accessing the zone properties

Answer: D Section: (none) Explanation/Reference:

QUESTION 55 Which of the following Directory Services administration tools can be used in a Windows Server 2008 Lightweight Directory Services installation? A. B. C. D. Active Directory Users and Computers Active Directory Sites and Services Active Directory Domains and Trusts Active Directory Licensing Manager

Answer: B Section: (none) Explanation/Reference:

QUESTION 56 Which of the following lines of Windows PowerShell code are necessary to create a user object in the People OU? (Choose all that apply. Each correct answer is a part of the solution.) A. B. C. D. $objUser=$objOU.Create("user","CN=Jeff Ford") $objUser.SetInfo() $objUser=CreateObject("LDAP://CN=Jeff Ford,OU=People,DC=hi-tech,DC=com") $objOU=[ADSI]"LDAP://OU=People,DC=hi-tech,DC=com"

Answer: ABD Section: (none) Explanation/Reference:

QUESTION 57 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. Since you are the technical support, you are required to have an offline defragmentation of an Active Directory database performed. Which four actions should you perform in sequence? (To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.) 1 ntds.dit should be compacted. 2 The ntds.dit file should be moved to %WINDIR%\NTDS. 3 The domain controller should be restarted in Safe Mode. 4 The Active Directory Domain Services service should be started. 5 The ntds.dit file should be replicated to %WINDIR%\SYSVOL Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----6 The Active Directory Domain Services service should be stopped. A. B. C. D. 6->1->2->4 5->1->3->4 6->4->3->1 4->6->3->5

Answer: A Section: (none) Explanation/Reference:

QUESTION 58 You are hired as the network administrator in your company. In your company there's a server named Server01 that runs Windows Server 2008. Server01 is configured as DNS server and has 4 ctive DirectoryCintegrated zones. For auditing purposes, you have to provide copies of the zone files of the DNS server to the security audit group. What should you do to achieve this task? A. B. C. D. Execute ntdsutil > Partition Management > Display commands execute ipconfig/registerdns command execute the dnscmd/ZoneExport command Execute dnscmd/Zoneoutput command

Answer: C Section: (none) Explanation/Reference:

QUESTION 59 You want to set the Office property of ten users in two different OUs. The users currently have the Office property configured as Miammi. You recently discovered the typographic error and want to change it to Miami. What can you do to make the change? (Choose all that apply.) A. B. C. D. Select all ten users by holding the Ctrl key and opening the Properties dialog box. Use Dsget and Dsmod. Use Dsquery and Dsmod. Use Get-Item and Move-Item.

Answer: C Section: (none) Explanation/Reference:

QUESTION 60 You are hired as the network administrator in your company. In your company there are two servers named Server01 and Server02 that run Windows Server 2008. Server01 works as a Domain Controller and is configured as DNS server in a single Active Directory domain. Server02 is a member of the domain as the standard secondary zone with DNS Server role installed.You configured Server01 as the master server for the zone. What should you do to make sure that Server02 receives zone updates from Server01? A. B. C. D. On Server02, add a conditional forwarder. On Server01, modify the zone transfer settings for the zone. Add the Server02 computer account to the DNSUpdateProxy group. On Server01, modify the permissions of the zone. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

Answer: B Section: (none) Explanation/Reference:

QUESTION 61 BitLocker is a new technology that is available in Windows Server 2008 as well as Windows Vista. Which is NOT an advantage of using BitLocker? A. BitLocker can be used to prevent a hacker from detecting my password. B. BitLocker prevents someone from removing a hard drive from a system and reading it by installing it on another system. C. BitLocker prevents someone from loading another operating system onto the server and reading the contents of the disk using this additional operating system. D. All of the above selections are an advantage of using BitLocker. Answer: A Section: (none) Explanation/Reference:

QUESTION 62 You want to move a user from the Paris OU to the Moscow OU. Which tools can you use? (Choose all that apply.) A. B. C. D. E. Move-Item The MoveHere method of the Moscow OU Dsmove Redirusr.exe Active Directory Migration Tool

Answer: BC Section: (none) Explanation/Reference:

QUESTION 63 Hi-tech .com has a main office and a branch office. All servers in both offices run Windows Server 2008. The offices are connected through a MAN link. Hi-tech .com has an Active Directory domain that hosts a single domain called maks. Hi-tech .com. There is a domain controller in the maks. Hi-tech .com domain called Server01 . It is located in the main office. You have configured Server01 as a DNS server for maks. Hi-tech .com DNS zone. It is configured as a standard primary zone. You are instructed to install a new domain controller called Server02 in the branch office. After installing the domain controller, you install DNS on Server02 . You want to ensure that the DNS service on Server02 can update records and resolve DNS queries in the event of a MAN link failure.

What should you do to achieve this objective? A. B. C. D. Configure the DNS on Server01 to forward requests to Server02 Add a secondary zone named raks. Hi-tech .com on Server02 Convert maks. Hi-tech .com on Server01 to an Active Directory-integrated zone Configure a new stub zone on Server01 and set the forwarding option to Server02

Answer: C Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 64 A user reports that she is receiving a logon message that states, "Your account is configured to prevent you from using the computer. Please try another computer." What should you do to enable her to log on to the computer? A. B. C. D. Click the Log On To button on the Account tab of her user account. Click the Allowed To Join Domain button in the New Computer dialog box. Use the Dsmove command. Give her the right to log on locally, using the local security policy of the computer

Answer: A Section: (none) Explanation/Reference:

QUESTION 65 You are the administrator for a nationwide company that currently runs Windows Server 2008 DNS and are reviewing the resource records in your Active Directory-integrated DNS zone. You notice there are hostnames that do not meet your company's naming convention and verify that the computers are not members of your Active Directory domain. What must you do to ensure these hosts cannot create records in your DNS zone? A. B. C. D. Disable DNS and enable DHCP. Configure your zone to enable secure dynamic updates. Disable dynamic updates in your zone. You cannot prevent this from occurring in DNS.

Answer: B Section: (none) Explanation/Reference:

QUESTION 66 Hi-tech .com has a single Active Directory domain. You have configured all domain controllers in the network as DNS servers and they run Windows Server 2008. A domain controller named Server01 has a standard Primary zone for Hi-tech .com and a domain controller named Server02 has a standard secondary zone for Hi-tech .com. You have to make sure that the replication of the Hi-tech .com zone is encrypted so you might not loose any zone data. What should you do to achieve this task? A. B. C. D. Create a stub zone and delete the secondary zone Convert the primary zone into an active directory zone and delete the secondary zone Change the interface where DNS server listens on both servers On the standard primary zone, configure zone transfer settings. After that modify the master servers lists on the secondary zone

Answer: B Section: (none) Explanation/Reference:

QUESTION 67 You are hired as the network administrator in your company. Your company has a main office and a branch office that are configured as a single Active Directory forest. The functional level of the Active Directory forest is Windows Server 2003. There are four Windows Server 2003 domain controllers in the main office. You need to ensure that you are able to deploy a read-only domain controller (RODC) at the Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----branch office. Which two actions should you perform?(Choose two answers. Each answer is a part of the complete solution.) A. B. C. D. Run the adprep/rodcprep command. Deploy a Windows Server 2008 domain controller at the main office. Raise the functional level of the domain to Windows Server 2008. Raise the functional level of the forest to Windows Server 2008.

Answer: AB

Section: (none) Explanation/Reference:

QUESTION 68 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. And two domains are included by the Active Directory forest. Universal groups are included by the forest. And members from each domain are included by the universal groups. There is a domain controller named DC01 in the branch office. It is reported by users at the branch office that it takes quite long time to log on. Since you are the technical support, you are required to reduce the amount of logon time for the branch office users. Which action should be performed to achieve the goal? A. To achieve the goal, the replication interval on the site link that connects the branch office to the corporate network should be reduced. B. To achieve the goal, the replication interval on the site link that connects the branch office to the corporate network should be improved. C. To achieve the goal, DC01 should be configured as a Global Catalog server. D. To achieve the goal, DC01 should be configured as a bridgehead server for the branch office site. Answer: C Section: (none) Explanation/Reference:

QUESTION 69 A new project requires that users in your domain and in the domain of a partner organization have access to a shared folder on your file server. Which type of group should you create to manage the access to the shared folder? A. B. C. D. Universal security group Domain local security group Global security group Domain local distribution group

Answer: B Section: (none) Explanation/Reference:

QUESTION 70 Your domain includes a global distribution group named Company Update. It has been used to send company news by e-mail to its members. You have decided to allow all members to contribute to the newsletter by creating a shared folder on a file server. What must you do to allow group members access to Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----the shared folder? A. B. C. D. Change the group scope to domain local. Change the group scope to universal. Add the group to the Domain Users group. Use Dsmod with the-secgrp yes switch.

Answer: D Section: (none) Explanation/Reference:

QUESTION 71 You are hired as the network administrator in your company. Your company has servers that run Windows Server 2008. There are 2 domain controllers installed on the network. An Active Directory database is installed on the D volume of a domain controller. You want to move the Active Directory database to a new volume. What should you do to achieve this task? A. B. C. D. Open the Files option in the Ntdsutil utility and move the ntds.dit file to the new volume. Move the ntds.dit file to the new volume using Copy Paste function in the Windows Power Shell. Use XCOPY command on Windows Command prompt to move ntds.dit file to the new volume. Use Windows Explorer to move ntds.dit file to the new volume.

Answer: A Section: (none) Explanation/Reference:

QUESTION 72 You are creating a new standard primary zone for the company you work for, Name Resolution University, using the domain nru.corp. You create the zone through the DNS management console,and now you want to view the corresponding DNS zone file, nru.corp.dns. Where do you need to look in order to find

this file? A. B. C. D. You cannot view the zone file because it is stored in Active Directory. You can look in the %systemroot%\system32\dns folder. You cannot view the DNS file except by using the DNS management console. The DNS zone file is actually just a key in the Windows Registry. You need to use the Registry Editor if you want to view the file.

Answer: B Section: (none) Explanation/Reference:

QUESTION 73 Which of the following can be used to remove members from a group? (Choose all that apply.) A. B. C. D. E. Remove-Item Dsrm Dsmod LDIFDE CSVDE

Answer: BCD Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 74 Hi-tech .com has a single Active Directory domain named ad. Hi-tech .com. Windows Server 2008 is installed on all domain controllers. The domain functional level and forest functional level are set to Windows 2000 native mode. You have to ensure the UPN suffix for Hi-tech .com is available for user accounts. What should you do first to achieve this task? A. Change the Primary DNS Suffix option in the Default Domain Controllers Group Policy Object (GPO) to Hitech .com. B. Add the new UPN suffix to the forest. C. Raise the Hi-tech .com domain functional level to Windows Server 2003 or Windows Server 2008. D. Raise the Hi-tech .com forest functional level to Windows Server 2003 or Windows Server 2008. Answer: B Section: (none) Explanation/Reference:

QUESTION 75 You are using Dsmod to add a domain local group named GroupA to a global group named GroupB. You are receiving errors. Which command will solve the problem so that you can then add GroupA to GroupB? (Choose all that apply.) A. B. C. D. Dsrm.exe Dsmod.exe Dsquery.exe Dsget.exe

Answer: B Section: (none) Explanation/Reference:

QUESTION 76 Hi-tech .com has a network consisting of a single Active Directory domain. All domain controllers run Windows Server 2003. Hi-tech .com instructs you to upgrade all domain controllers to Windows Server 2008. After upgrading the domain controllers, you need to ensure that the ebsysvolume share replicates by using DFS Replication (DFS-R). What should you do to achieve this task? A. B. C. D. Run dfsutil/addrot:ebsysvolume on the command prompt Run netdom/dfs-r from the command prompt Run dcpromo/attend:attendfile.xml Raise the functional level of the domain to Windows Server 2008

Answer: D Section: (none) Explanation/Reference:

QUESTION 77 You have removed WINS from your environment, but still have at least one legacy PC and application that requires NetBIOS resolution. What solution can you use in place of WINS to address NetBIOS resolution? A. GlobalNames zones. B. Reverse zones.

C. Dynamic updates. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----D. None of the above. You need WINS for NetBIOS. Answer: A Section: (none) Explanation/Reference:

QUESTION 78 Your management has asked you to produce a list of all users who belong to the Special Project group, including those users belonging to groups nested into Special Project. Which of the following can you use? A. B. C. D. Get-Members Dsquery.exe LDIFDE Dsget.exe

Answer: D Section: (none) Explanation/Reference:

QUESTION 79 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in the company. Two domain controllers are contained in the company. They are respectively named DC01 and DC02. DC01 holds the schema master role, while DC02 fails. You use the administrator account to log on to Active Directory. You cannot transfer the schema master role. You have to make sure that DC2 holds the schema master role. So what action should you perform? A. B. C. D. Seize the schema master role on DC02. DC02 should be configured as a bridgehead server. You should register the Schmmgmt.dll and start the Active Directory Schema snap-in. Utilize an account that is a member of the Schema Admins group to log off and log on again to Active Directory. Start the Active Directory Schema snap-in.

Answer: A Section: (none)

Explanation/Reference:

QUESTION 80 Your company is conducting a meeting for a special project. The data is particularly confidential. The team is meeting in a conference room, and you have configured a folder on the conference room computer that grants permission to the team members. You want to ensure that team members access the data only while logged on to the computer in the conference room, not from other computers in the enterprise. What must you do? A. B. C. D. Assign the Allow Read permission to the Interactive group. Assign the Allow Read permission to the team group. Assign the Deny Traverse Folders permission to the team group. Assign the Deny Full Control permission to the Network group.

Answer: D Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 81 Hi-tech.com has an Active Directory forest which runs Windows Server 2008. It has branch offices all around the world. The forest includes finance organizational units for an office in the following locations: New York London Amsterdam Rome Each location has a child organizational unit named finance. The finance organizational unit hosts all the users and computers in the finance department. The offices in London and, Amsterdam and New York are connected by T1 connections. However, the office in Rome is connected by a 128-Kbps ISDN connection. Hi-tech .com has instructed you to install an application on all computers in the finance department. Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution)

A. Create a Group Policy Object (GPO) named accountingtree Install that assigns the application to the computers. Link the GPO to each finance organizational unit B. Create a GPO named accounting tree install that assigns the application to each user in the organizational unit. Link the GPO to each finance organizational unit C. Change the slow link detection setting to 2,544 Kbps (T1) in the GPO D. Disable the slow link detection setting in the GPO Answer: AC Section: (none) Explanation/Reference:

QUESTION 82 You've just created a new zone in DNS on a Windows Server 2008-based computer. You check the zone and notice that the only records in it are the SOA and NS RRs. Checking the configuration, you see that the zone is configured to accept dynamic updates. What should you do next? A. B. C. D. Manually add all RRs for the zone, including A, CNAME, PTR, and SRV records. Manually add A records for all hosts that cannot use dynamic updating. Manually add A RRs and PTR RRs for all hosts that will be using dynamic updating. Manually initiate a zone transfer to replicate all the needed RR to the new zone.

Answer: B Section: (none) Explanation/Reference:

QUESTION 83 You want to allow a user named Mike Danseglio to add and remove users from a group called Special Project. Where can you configure this permission? A. B. C. D. The Members tab of the group The Security tab of Mike Danseglio's user object The Member Of tab of Mike Danseglio's user object The Managed By tab of the group

Answer: D Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 84 You are hired as the network administrator in your company. Your company has a single Active Directory domain. The domain controllers run Windows Server 2003. You are instructed to upgrade all domain controllers to Windows Server 2008. To accomplish this task, you have to configure the Active Directory environment to support multiple password policies application. What should you do to achieve this task? A. B. C. D. Create four Active Directory sites Execute dcpromo/adv on all domain controllers Execute dcpromo/adv on only 2 domain controllers Set the functional level of the domain to Windows Server 2008

Answer: D Section: (none) Explanation/Reference:

QUESTION 85 Which of the following groups can shut down a domain controller? (Choose all that apply.) A. B. C. D. E. Account Operators Print Operators Backup Operators Server Operators Interactive

Answer: BCD Section: (none) Explanation/Reference:

QUESTION 86 Your company has offices in North America and Europe. It has an Active Directory forest with two domains. You are assigned the task to reduce the time required to authenticate users from labs.eul.hi-tech.com domain when they access resources on eng.na.hi-tech.com domain. What should you do to achieve this task? A. B. C. D. Create a one-way shortcut trust from eng.na.hi-tech.com to labs.eul.hi-tech.com. Increase the replication interval for the DEFAULTIPSITELINK site link Create a one-way shortcut trust from labs.eul.hi-tech.com to eng.na.hi-tech.com Increase the replication interval for all connections objects.

Answer: A

Section: (none) Explanation/Reference:

QUESTION 87 You want to require all new computer accounts created when computers join the domain to be placed in the Clients OU. Which command should you use? A. B. C. D. Dsmove Move-Item Netdom Redircmp Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

Answer: D Section: (none) Explanation/Reference:

QUESTION 88 You are hired as the network administrator in your company. Your company has an Active Directory domain. Another administrator at the company attempts to log on to a computer that was offline for 12 weeks. While accessing the computer, administrator receives an error message that authentication has failed. What should you do to ensure that the administrator can log on to the computer? A. B. C. D. Disjoin the computer from the domain and rejoin it to the domain. Reset the computer account Delete the computer account from the organizational unit and then add the account again Execute the netsh command on the computer and set the machine options Execute netsh trust/reset command and join the computer to the domain again.

Answer: A Section: (none) Explanation/Reference:

QUESTION 89 A DNS server, Aspen, has been successfully resolving queries but with the wrong information. You use the Monitoring function in the DNS Management Console for Aspen and test the simple and recursive queries. Both work fine. What is the most likely cause of the problem?

A. B. C. D.

Aspen is not authoritative for the zone in which the wrong information is being returned. Aspen is not configured to perform iterative queries. Some clients do not support dynamic updates, or manually entered RRs have errors. The clients that received the wrong information do not support the OPT record type.

Answer: C Section: (none) Explanation/Reference:

QUESTION 90 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. You have a computer which runs Windows Server 2008. At present you are installing an application on this computer. During installation, the application will need to install new attributes and classes to the Active Directory database. You have to make sure that you are able to install the application. So what action should you perform? A. You should use an account that has Server Operator rights to log on. B. The functional level of the forest should be changed to Windows Server 2008. C. You should use an account that has the Enterprise Administrator rights and the appropriate rights to log on to install the application. D. You should use an account that has Schema Administrator rights and the appropriate rights to log on to install the application. Answer: D Section: (none) Explanation/Reference:

QUESTION 91 You want to prevent nonadministrative users from joining computers to the domain. What should you Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----do? A. B. C. D. Set ms-DS-MachineAccountQuota to zero. Set ms-DS-DefaultQuota to zero. Remove the Add Workstations To Domain user right from Authenticated Users. On the domain, deny the Authenticated Users group the Create Computer Objects permission.

Answer: A Section: (none) Explanation/Reference:

QUESTION 92 You are hired as the network administrator in your company. Your company has a main office and ten branch offices. It has an Active Directory forest that hosts a single domain. Each office has one domain controller and they are configured as an Active Directory site. All sites are connected with the DEFAULTIPSITELINK object. You have to decrease the replication latency between the domain controllers. What should you do to achieve this task? A. B. C. D. Decrease the cost between the connection objects Decrease the connection replication interval for all connection objects Decrease the replication interval for the DEFAULTIPSITELINK object Increase the replication interval for the DEFAULTIPSITELINK object

Answer: C Section: (none) Explanation/Reference:

QUESTION 93 You want to join a remote computer to the domain. Which command should you use? A. B. C. D. Dsadd.exe Netdom.exe Dctest.exe System.cpl

Answer: B Section: (none) Explanation/Reference:

QUESTION 94 You are hired as the network administrator in your company. Your company has purchased a new application to deploy on 200 computers. You are instructed to deploy the application on all 200 computers. To install the application, you have to modify the registry on each target computer before installing the application. Registry modifications are in a file that has an .adm extension.

You have to prepare the target computers for the application. What should you do to achieve this task? A. Create a new Group Policy Object (GPO) and import the .adm file into it. Edit the GPO and link it to an organizational unit that contains the target computers B. Create a Microsoft Windows PowerShell script to copy the .adm file to the startup folder of each target computer. C. Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRCmp CONTAINER-DN command on each target computer. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----D. Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRUsr CONTAINER-DN command on each target computer. Answer: A Section: (none) Explanation/Reference:

QUESTION 95 You have been tasked with designing a new Windows Server 2008 Active Directory forest. The network is currently a combination of Windows 2000 Professional, Windows XP, Windows Vista, and Macintosh clients. You want to reduce the administration of IP addresses. Which of the following services would you implement to accomplish this? A. B. C. D. DHCP DNS WINS DDNS

Answer: A Section: (none) Explanation/Reference:

QUESTION 96 Your manager has just asked you to create an account for DESKTOP234. Which of the following enables you to do that in one step? A. B. C. D. E. CSVDE LDIFDE Dsadd Windows PowerShell VBScript

Answer: C Section: (none) Explanation/Reference:

QUESTION 97 You are hired as the network administrator in your company. The headquarters of your company is located in New York. Now your company builds its branch in Washington. The branch office in Washington is configured as a separate Active Directory site and has an Active Directory domain controller. You disable an account that has administrative rights. You need to immediately replicate the disabled account information to all sites. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) A. From the Active Directory Sites and Services console, select the existing connection objects and force replication. B. From the Active Directory Sites and Services console, configure all domain controllers as global catalog servers. C. Use Repadmin.exe to force replication between the site connection objects. D. Use Dsmod.exe to configure all domain controllers as global catalog servers. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Answer: AC Section: (none) Explanation/Reference:

QUESTION 98 Your hardware vendor has just given you an Excel worksheet containing the asset tags of computers that will be delivered next week. You want to create computer objects for the computers in advance. Your naming convention specifies that computers' names are their asset tags. Which of the following tools can you use to import the computers? (Choose all that apply.) A. B. C. D. CSVDE LDIFDE Dsadd Windows PowerShell

E. VBScript Answer: ADE Section: (none) Explanation/Reference:

QUESTION 99 You are hired as the network administrator in your company. The headquarters of your company is located in New York. The main office has an existing Active Directory site named Site1. Now your company builds its branch in Washington. You are assigned to deploy and implement a new Active Directory site and name Site2. To configure Active Directory replication between Site1 and Site2, you install a new domain controller and create the site link between Site1 and Site2. What should you do next to achieve this task? A. Use the Active Directory Sites and Services console to configure the new domain controller as a preferred bridgehead server for Site1. B. Use the Active Directory Sites and Services console to decrease the site link cost between Site1 and Site2. C. Use the Active Directory Sites and Services console to assign a new IP subnet to Site2. Move the new domain controller object to Site2. D. Use the Active Directory Sites and Services console to configure a new site link bridge object. Answer: C Section: (none) Explanation/Reference:

QUESTION 100 Your network contains a mix of Windows 2003 and Windows Server 2008. You have three domain controllers running Windows Server 2003. Your file server, print server, and Exchange server are running Windows 2000 Server. Your DNS, DHCP, and WINS servers are running Windows Server 2008. All of your clients are running Windows XP Professional with Service Pack 2. All machines, other than the servers that require a static IP address, are configured as DHCP clients with the default settings. Your DNS server has been configured to allow dynamic updates. Which of the following records will be registered in DNS automatically? (Choose all that apply.) A. MX B. Host (A) Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

C. SRV D. PTR Answer: BCD Section: (none) Explanation/Reference:

QUESTION 101 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. This forest contains client computers that run Windows Vista and Windows XP. You have to make sure that users are able to install approved application updates on their computers. What should you do? (Choose more than one) A. A GPO should be created and it should be linked to the domain. The GPO should be configured to direct the client computers to the Microsoft WSUS server for approved updates. B. Automatic Updates through Control Panel should be set up on the client computers. C. A GPO should be created and it should be linked to the Domain Controllers organizational unit. The GPO should be configured to automatically search for updates on the Microsoft Update site. D. The Microsoft WSUS application should be installed on a server in the environment. The server should be configured to search for new updates on the Internet. All required updates should be approved. Answer: AD Section: (none) Explanation/Reference:

QUESTION 102 A server administrator reports Failed To Authenticate events in the event log of a file server. What should you do? A. B. C. D. Reset the server account. Reset the password of the server administrator. Disable and enable the server account. Delete the account of the server administrator.

Answer: A Section: (none) Explanation/Reference:

QUESTION 103 You are hired as the network administrator in your company. Your company has an Active Directory domain. All servers in the Active Directory run Windows Server 2008. The domain runs Enterprise Root certification authority (CA). You have to make sure that only administrators can sign code. Which two tasks should you perform to achieve this task? A. Change the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers. B. Publish the code signing template Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----C. Change the security settings on the template to allow only the administrators to request code signing certificates D. Distribute the code signing template among the administrators and ask them to add it to the trust peer certificates. Answer: BC Section: (none) Explanation/Reference:

QUESTION 104 A computer has permissions assigned to its account to support a system service. It also belongs to 15 groups. The computer is being replaced with new hardware. The new hardware has a new asset tag, and your naming convention uses the asset tag as the computer name. What should you do? (Choose all that apply. Each correct answer is a part of the solution.) A. B. C. D. E. Delete the computer account for the existing system. Create a computer account for the new system. Reset the computer account for the existing system. Rename the computer account for the existing system. Join the new system to the domain.

Answer: CDE Section: (none) Explanation/Reference:

QUESTION 105 You are hired as the network administrator in your company. The headquarters of your company is located in New York. Now your company builds its branch in Washington. The branch office in Washington

is configured as a separate Active Directory site and has an Active Directory domain controller. You are assigned to deploy and implement a new application which requires a local global Catalog server to support at the branch office. Which tool should you use to configure the domain controller as a Global Catalog server? (Each correct answer presents part of the solution. Choose two.) A. B. C. D. E. The Active Directory Sites The Active Directory Domains The Trusts console The Services console The Computer Management console

Answer: AD Section: (none) Explanation/Reference:

QUESTION 106 You have just installed a Windows Server 2008 domain controller in your environment. Which of the following default containers holds the default groups? A. B. C. D. Users Computers Built-in Default Groups Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

Answer: C Section: (none) Explanation/Reference:

QUESTION 107 Your enterprise recently created a child domain to support a research project in a remote location. Computer accounts for researchers were moved to the new domain. When you open Active Directory Users And Computers, the objects for those computers are displayed with a down-arrow icon. What is the most appropriate course of action? A. Reset the accounts.

B. Disable the accounts. C. Enable the accounts. D. Delete the accounts. Answer: C Section: (none) Explanation/Reference:

QUESTION 108 You are hired as the network administrator in your company. Your company has a domain controller that runs Windows Server 2008. It is configured as a DNS server. You have to record all inbound DNS queries to the server. What should you configure in the DNS Manager Console? A. B. C. D. To log errors and warnings, configure event logging Disable automatic logs for recursive queries Enable automatic testing for recursive queries Enable debug logging

Answer: D Section: (none) Explanation/Reference:

QUESTION 109 Your organization has one Active Directory domain in the Active Directory forest. You are responsible for creating accounts for all users in your domain. Your company just bought another company with 5000 user accounts, and you are required to create their new user accounts without using a third-party tool. Which of the following commands should be used to achieve this? A. B. C. D. dsadd dsuseradd adduser adduser.ps

Answer: A Section: (none) Explanation/Reference:

QUESTION 110 Litware, Inc., has three business units, each represented by an OU in the litwareinc.com domain. The

business unit administrators want the ability to manage Group Policy for the users and computers in their OUs. Which actions do you perform to give the administrators the ability to manage Group Policy fully for their business units? (Choose all that apply. Each correct answer is a part of the solution.) A. Copy administrative templates from the central store to the PolicyDefinitions folder on the administrators' Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Windows Vista workstations. B. Add business unit administrators to the Group Policy Creator Owners group. C. Delegate Link GPOs permission to the administrators in the litwareinc.com domain. D. Delegate Link GPOs permission to the each business unit's administrators in the business unit's OU. Answer: BD Section: (none) Explanation/Reference:

QUESTION 111 You are hired as the network administrator in your company. Your company has a main office and 15 branch offices. An Active Directory site with one domain controller is installed in each office. Only domain controllers in the main office are configured as Global Catalog servers. On the domain controllers in the branch offices, you need to deactivate the Universal Group Membership Caching (UGMC) option. However, you need to deactivate UGMC on a certain level. On which level should you deactivate UGMC? A. B. C. D. Site domain controllers Forest Connection object

Answer: A Section: (none) Explanation/Reference:

QUESTION 112 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. A single Active Directory domain is

contained by your network. And there is a domain controller and a member server that run Windows Server 2008 in the company. The company configures the two servers as DNS servers. Either Windows XP Service Pack 2 or Windows Vista is run by client computers. There is a standard primary zone on the domain controller. A secondary copy of the zone is hosted by the member server. According to the company requirements, you should make sure that host (A) records in the DNS zone can only be updated by authenticated users. Which action should be performed to achieve the goal? A. B. C. D. The standard primary zone should be converted to an Active Directory-integrated zone. On the member server, a conditional forwarder should be added. On the member server, Active Directory Domain Services should be installed. All computer accounts should be added to the DNSUpdateProxy group.

Answer: A Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 113 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a single Active Directory domain in your company. Windows Server 2003 is run by all domain controllers. You have Windows Server 2008 installed on a server. Since you are the technical support, you are required to have the new server added as a domain controller in your domain. To achieve the goal, which action should be performed first? A. B. C. D. On a domain controller, adprep /rodcprep should be run. On a domain controller, adprep /forestprep should be run. On the new server, dcpromo /adv should be run. On the new server, dcpromo /createdcaccount should be run.

Answer: B Section: (none) Explanation/Reference:

QUESTION 114 You are hired as the network administrator in your company. Your company has two active directory forests called Eb1.com and Eb2.com. Both forests have domain controllers that run Windows Server 2008. Windows Server 2008 is running on the domain functional level on Eb1.com. The domain functional level of Eb2.com is Windows Server 2003 Native mode. As per instructions, you configure an external trust between Eb1.com and Eb2.com. To achieve this, you need to enable the Kerberos AES encryption option. What should you do to achieve this task? A. B. C. D. Raise the forest functional level of Eb2.com to Windows Server 2008 Configure a new forest trust and enable forest-wide authentication Drop the forest functional level of Eb1.com to Windows Server 2003 Raise the domain functional level of Eb2.com to Windows Server 2008

Answer: D Section: (none) Explanation/Reference:

QUESTION 115 You are an administrator at Hi-tech, Ltd. The hi-tech.com domain has a child domain, es.hi-tech.com, for the branch in Spain. Administrators of that domain have asked you to provide a Spanish-language interface for Group Policy Management Editor. How can you provide Spanish-language versions of administrative templates? A. Log on to a domain controller in the es.hi-tech.com domain, open %SystemRoot% \SYSVOL\domain \Policies\PolicyDefinitions, and copy the ADM files to the ES folder. B. Copy ADML files to the \\es.hi-tech.com\SYSVOL\es.hi-tech.com\policies\ PolicyDefinitions\es folder. C. Log on to a domain controller in the es.hi-tech.com domain, open %System- Root%\SYSVOL\domain \Policies\PolicyDefinitions, and copy the ADMX files to the ES folder. D. Install the Boot.wim file from the Windows Server 2008 CD on a domain controller in the child domain. Answer: BD Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 116 You are hired as the network administrator in your company. Your company has an Active Directory

domain and two domain controllers named Server01 and Server02. The Server01 hosts the Schema Master Role. Suddenly the Server01 fails. To rectify the problem, you log on to Active Directory using administrator account. You are trying to transfer the Schema Master Operations role. But you fail. What should you do to ensure that Server02 holds the Schema Master role? A. B. C. D. Register Schemamt.dll on the Active Directory domain and start the Active Directory Schema snap-in Configure Server02 as a Primary domain controller Join the Schema Administrators group and modify the Schema settings to save records on Server02 Seize the Schema Master role on Server02

Answer: D Section: (none) Explanation/Reference:

QUESTION 117 You are at a branch office of your company assisting a user on his PC. While assisting the user, you receive a phone call from your boss who wants to know why all the users are required to change their passwords the first time they log on? What would be the best way to answer his question? A. B. C. D. It's a default Active Directory group and domain policy to enforce user passwords set by the administrator. It's a default Active Directory group policy and cannot be modified. This is a new feature in Active Directory 2008 to introduce extra security. This is just a check box for user account properties to force users to change the default passwords set by the administrator at the time of the creation of their account. This then forces users to pick their own password.

Answer: D Section: (none) Explanation/Reference:

QUESTION 118 You are an administrator at Hi-tech, Ltd. At a recent conference, you had a conversation with administrators at Fabrikam, Inc. You discussed a particularly successful set of configurations you have deployed using a GPO. The Fabrikam administrators have asked you to copy the GPO to their domain. Which steps can you and the Fabrikam administrators perform? A. Right-click the Hi-tech GPO and choose Save Report. Create a GPO in the Fabrikam domain, right-click it, and choose Import. B. Right-click the Hi-tech GPO and choose Back Up. Right-click the Group Policy Objects container in the Fabrikam domain and choose Restore From Backup.

C. Right-click the Hi-tech GPO and choose Back Up. Create a GPO in the Fabrikam domain, right-click it, and choose Paste. D. Right-click the Hi-tech GPO and choose Back Up. Create a GPO in the Fabrikam domain, right-click it, and choose Import Settings. Answer: D Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 119 You are hired as the network administrator in your company. Your company has an Active Directory domain and two domain controllers named Server01 and Server02. The Server01 hosts the Schema Master Role. Suddenly the Server01 fails. To rectify the problem, you log on to Active Directory using administrator account. You are trying to transfer the Schema Master Operations role. But you fail. What should you do to ensure that Server02 holds the Schema Master role? A. B. C. D. Register Schemamt.dll on the Active Directory domain and start the Active Directory Schema snap-in Configure Server02 as a Primary domain controller Join the Schema Administrators group and modify the Schema settings to save records on Server02 Seize the Schema Master role on Server02

Answer: D Section: (none) Explanation/Reference:

QUESTION 120 You want to deploy a GPO named Northwind Lockdown that applies configuration to all users at Northwind Traders. However, you want to ensure that the settings do not apply to members of the Domain Admins group. How can you achieve this goal? (Choose all that apply.) A. Link the Northwind Lockdown GPO to the domain, and then right-click the domain and choose Block Inheritance. B. Link the Northwind Lockdown GPO to the domain, right-click the OU that contains the user accounts of all users in the Domain Admins group, and choose Block Inheritance. C. Link the Northwind Lockdown GPO to the domain, and then assign the Domain Admins group the Deny Apply Group Policy permission. D. Link the Northwind Lockdown GPO to the domain, and then configure security filtering so that the GPO applies to Domain Users.

Answer: BC Section: (none) Explanation/Reference:

QUESTION 121 Lisa works as a branch office administrator for your organization. She receives a call from her manager, Dina, asking which of the following characteristics make up a strong password. Which one is correct? A. B. C. D. Contains a username or pet's name. Contains dictionary words. Contains place names. Is a combination of letters and numbers.

Answer: D Section: (none) Explanation/Reference:

QUESTION 122 You want to create a standard lockdown desktop experience for users when they log on to computers in your company's conference and training rooms. You have created a GPO called Public Computers Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Configuration with desktop restrictions defined in the User Configuration node. What additional steps must you take? (Choose all that apply. Each correct answer is a part of the solution.) A. B. C. D. Enable the User Group Policy Loopback Processing Mode policy setting. Link the GPO to the OU containing user accounts. Select the Block Inheritance option on the OU containing conference and training room computers. Link the GPO to the OU containing conference and training room computers

Answer: AD Section: (none) Explanation/Reference:

QUESTION 123 You are hired as the network administrator in your company. Your company has an Active Directory

domain. For regular checkups, you log on to the domain controller and open Microsoft Management Console (MMC). The Active Directory Schema snap-in is not available. What should you do to access the Active Directory Schema snap-in? A. B. C. D. Register Schmmgmt.dll using a member account of the Schema Administrators group, log off and log on again Add the Active Directory Lightweight Directory Services (AD LDS) role to the domain controller Execute Ntdsutil.exe command to connect to the Schema Master operations master.

Answer: A Section: (none) Explanation/Reference:

QUESTION 124 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. Since you are the technical support, you are required to confirm whether Active Directory successfully copied between two domain controllers. Which action should be performed to achieve the goal? A. B. C. D. To achieve the goal, the Dsquery command should be run. To achieve the goal, the RepAdmin command should be run. To achieve the goal, the Windows System Resource Manager should be run. To achieve the goal, the DSget command should be run.

Answer: B Section: (none) Explanation/Reference:

QUESTION 125 A user calls the help desk at your organization and reports problems that you suspect might be related to changes that were recently made to Group Policy. You want to examine information regarding Group Policy processing on her system. Which tools can you use to gather this information remotely? (Choose all that apply.) A. Group Policy Modeling Wizard B. Group Policy Results Wizard

C. Gpupdate.exe Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----D. Gpresult.exe E. Msconfig.exe Answer: BD Section: (none) Explanation/Reference:

QUESTION 126 You are hired as the network administrator in your company. Your company has instructed you to decommission domain controllers that host all forest-wide operations master roles. Before you start taking down these domain controllers, you want to transfer all forest-wide operation master roles to another domain. Which two roles should you transfer to achieve this objective? (Choose two answers. Each answer is a part of the complete solution) A. B. C. D. E. Domain naming master Secondary domain master Forest-wide server master roles Schema master PDC Master

Answer: AD Section: (none) Explanation/Reference:

QUESTION 127 Which of the following options require administrative privileges to change the password? A. B. C. D. User must change password at next logon. User cannot change password. Password never expires. Store password using reversible encryption.

Answer: B Section: (none) Explanation/Reference:

QUESTION 128 You are the administrator at Hi-tech, Ltd. The hi-tech.com domain has five GPOs linked to the domain, one of which configures the password-protected screen saver and screen saver timeout required by corporate policy. Some users report that the screen saver is not launching after 10 minutes as expected. How do you know when the GPO was applied? A. B. C. D. Run Gpresult.exe for the users. Run Gpresult.exe-computer. Run Gpresult-scope computer. Run Gpupdate.exe /Target:User.

Answer: A Section: (none) Explanation/Reference:

QUESTION 129 You are hired as the network administrator in your company. Your company has an Active Directory domain and two domain controllers named Server01 and Server02 . The Server01 hosts the Schema Master Role. Suddenly the Server01 fails. To rectify the problem, you log on to Active Directory using Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----administrator account. You are trying to transfer the Schema Master Operations role. But you fail. What should you do to ensure that Server02 holds the Schema Master role? A. B. C. D. Register Schemamt.dll on the Active Directory domain and start the Active Directory Schema snap-in Configure Server02 as a Primary domain controller Join the Schema Administrators group and modify the Schema settings to save records on Server02 Seize the Schema Master role on Server02

Answer: D Section: (none) Explanation/Reference:

QUESTION 130 The hi-tech.com domain contains a GPO named Corporate Help Desk, linked to the Clients OU, and a GPO named Sydney Support linked to the Sydney OU within the Clients OU. The Corporate Help Desk

GPO includes a restricted groups policy for the HI-TECH\ Help Desk group that specifies This Group Is A Member Of Administrators. The Sydney Support GPO includes a restricted groups policy for the HI-TECH\Sydney Support group that specifies This Group Is A Member Of Administrators. A computer named DESKTOP234 joins the domain in the Sydney OU. Which of the following accounts will be a member of the Administrators group on DESKTOP234? (Choose all that apply.) A. B. C. D. E. Administrator Domain Admins Sydney Support Help Desk Remote Desktop Users

Answer: ABCD Section: (none) Explanation/Reference:

QUESTION 131 You are hired as the network administrator in your company. In your company there's a server named server01 that runs Windows Server 2008. An instance of Active Directory Lightweight Directory Service (AD LDS) runs on Server01. You have to create new organizational units in the AD LDS application directory partition. What should you do to achieve this task? A. Create the organizational units on the AD LDS application directory partition by accessing the ADSI Edit snap-in. B. Execute dsmod OU <OUDN> command to create Organizational units. C. Use the Active Directory Users and Computers snap-in to create the organizational units on the AD LDS application directory partition. D. Execute dsadd OU command to create Organizational units. Answer: A Section: (none) Explanation/Reference:

QUESTION 132 You are attempting to describe the purpose of a template account to a co-worker. What should you tell Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

them? A. B. C. D. A template account exists only for Novell users. A template account exists only for Unix users. A template account exists only for Windows NT 4.0 users. A template account simplifies the creation of a large number of user accounts. In a template, you can define all the account parameters you need to for your users. You can then use this template to create user accounts by simply filling in the Name, Full Name and Description Password, and Confirm Password fields.

Answer: D Section: (none) Explanation/Reference:

QUESTION 133 The hi-tech.com domain contains a GPO named Corporate Help Desk, linked to the Clients OU, and a GPO named Sydney Support linked to the Sydney OU within the Clients OU. The Corporate Help Desk GPO includes a restricted groups policy for the Administrators group that specifies the Members Of This Group setting to be HI-TECH\Help Desk. The Sydney Support GPO includes a restricted groups policy for the Administrators group that specifies the Members Of This Group setting to be HI-TECH\Sydney Support. A computer named DESKTOP234 joins the domain in the Sydney OU. Which of the following accounts will be a member of the Administrators group on DESKTOP234? (Choose all that apply.) A. B. C. D. E. Administrator Domain Admins Sydney Support Help Desk Remote Desktop Users

Answer: AC Section: (none) Explanation/Reference:

QUESTION 134 You are hired as the network administrator in your company. Your company has a single Active Directory domain. All the domain controllers run Windows Server 2003. You install Windows Server 2008 on a server. You need to ensure that the new server is added as a domain controller in the domain. What should you do to achieve this task? A. Execute dcpromo/controllerprep on a new server

B. Run adprep/forestprep command on a domain controller C. Run adprep/rodcprep on a new server D. Run dcpromo/createaccount on a domain controller Answer: B Section: (none) Explanation/Reference:

QUESTION 135 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a single Active Directory domain Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----in your network. Windows Server 2008 is run by all domain controllers. The Audit account management policy setting and Audit directory services access setting are enabled for the entire domain. You need to ensure that changes made to Active Directory objects can be logged. The logged changes must include the old and new values of any attributes. So what action should you perform? A. The Audit directory service access setting and directory service changes should be enabled from the Default Domain Controllers policy. B. The Audit account management policy should be enabled in the Default Domain Controller Policy. C. The Security settings of the Domain Controllers OU should be configured after running auditpol.exe. D. The Audit directory service access setting should be enabled in the Default Domain policy after running auditpol.exe. Answer: C Section: (none) Explanation/Reference:

QUESTION 136 The hi-tech.com domain contains a GPO named Corporate Help Desk, linked to the Clients OU, and a GPO named Sydney Support linked to the Sydney OU within the Clients OU. The Corporate Help Desk GPO includes a restricted groups policy for the Administrators group that specifies the Members Of This Group setting to be HI-TECH\Help Desk. The Sydney Support GPO includes a restricted groups policy for

the HI-TECH \Sydney Support group that specifies This Group Is A Member Of Administrators. A computer named DESKTOP234 joins the domain in the Sydney OU. Which of the following accounts will be a member of the Administrators group on DESKTOP234? (Choose all that apply.) A. B. C. D. E. Administrator Domain Admins Sydney Support Help Desk Remote Desktop Users

Answer: ACD Section: (none) Explanation/Reference:

QUESTION 137 You are hired as the network administrator in your company. Your company network consists of a single Active Directory domain. All domain controllers run Windows Server 2008. Some of the Lightweight Directory Access Protocol (LDAP) clients are using the largest amount of CPU resources on a domain controller. You need to identify those. What should you do to achieve this task? A. B. C. D. Execute the Active Directory Diagnostics Data Collector Set a review the Active Directory report Open Resource Monitor and review the performance data Run the LAN Diagnostics Data Collector Set. Review the LAN Diagnostics report. Review the Hardware Events log in the Event Viewer. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

Answer: A Section: (none) Explanation/Reference:

QUESTION 138 A large company has just merged with yours. This organization has recently converted its internal network from IPv4 addressing to IPv6 to support a number of new network applications that required it. You must now begin to plan for IPv6 support on your own internal network. You are creating training materials for your junior networking staff. Which of the following features is built into IPv6 that was not required in

IPv4? A. B. C. D. Classless Inter-Domain Routing (CIDR) IP Security through the use of IPSec Network address translator (NAT) Loopback IP addressing

Answer: B Section: (none) Explanation/Reference:

QUESTION 139 You want to deploy security settings to multiple servers by using Group Policy. The settings need to apply the user rights that you have configured and validated on a server in your test environment. Which tool should you use? A. B. C. D. Local Security Policy Security Configuration And Analysis Security Configuration Wizard Security Templates

Answer: B Section: (none) Explanation/Reference:

QUESTION 140 You are hired as the network administrator in your company. Your company has an Active Directory forest. You want to install an Enterprise certification authority (CA) on a stand-alone server. When you try to add Active Directory Certificate Services (AD CS) role, you find that the Enterprise CA option is not available. You have to install the AD CS role as an Enterprise CA. What should you do first to achieve this task? A. B. C. D. Add the Active Directory Certificate Services (AD CS) role. Add the Web server (IIS) role and the AD LDS role. Add the DNS Server role. Join the server to the domain.

Answer: D Section: (none) Explanation/Reference:

QUESTION 141 You want to deploy security settings to multiple servers by using Group Policy. The settings need to configure services, firewall rules, and audit policies appropriate for servers in your enterprise that act as file and print servers. Which tool would be the best choice for you to use? Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----A. B. C. D. Local Security Policy Security Configuration And Analysis Security Configuration Wizard Security Templates

Answer: C Section: (none) Explanation/Reference:

QUESTION 142 You are hired as the network administrator in your company. You company has a server that's runs Windows Server 2008. Active directory forest is configured at the functional level. To enable users to have a database services on the server, you install Microsoft SQL server 2005 and implement Active Directory Rights Management Service (AD RMS). While testing the server, you attempt to open the AD RMS administration website. You receive an error message saying:" SQL Server does not exist or access is denied". You want to rectify this problem and open AD RMS administration website. Which two actions should you perform to achieve this objective? (Select two answers. Each answer is the part of complete solution) A. B. C. D. Install and configure Message Queuing Restart the Internet Information Server (IIS) Delete the AD RMS instance and the SQL server and install it again. Start the MSSQLSVC service

Answer: BD Section: (none) Explanation/Reference:

QUESTION 143 Your company, mycompany.com, is merging with the yourcompany.com company. The details of the merger are not yet complete. You need to gain access to the resources in the yourcompany.com company before the merger is completed. What type of trust relationship should you create? A. B. C. D. Forest trust Shortcut trust External trust Tree Root trust

Answer: C Section: (none) Explanation/Reference:

QUESTION 144 You created a security policy by using the Security Configuration Wizard. Now you want to deploy the settings in that security policy to the servers in your Servers OU. Which of the following steps are required? (Choose two. Each correct answer is a part of the solution.) A. B. C. D. Use Scwcmd.exe /transform. Create a Group Policy Object in the Group Policy Objects container. Right-click the Security Settings node of a GPO and choose Import. Link the GPO to the Servers OU. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

Answer: AD Section: (none) Explanation/Reference:

QUESTION 145 You are hired as the network administrator in your company. The headquarters of your company is located in New York. Now your company builds its branch in Washington. You are assigned to deploy and implement a Read-only Domain Controller (RODC) at the branch office. You deploy a RODC that runs Windows Server 2008. You must make sure that the users at the branch office can log on to the domain using RODC, so what

should you do? A. B. C. D. Use Password Replication Policy on the RODC Add RODC to the main office Deploy and configure a new bridgehead server in the branch office Deploy and configure a Password Replication Policy on the RODC in the main office

Answer: A Section: (none) Explanation/Reference:

QUESTION 146 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. A single domain is contained in this forest. The domain member server has an Active Directory Federation Services (AD FS) server role installed. You have to configure AD FS to make sure that AD FS tokens contain information from the Active Directory domain. So what action should you perform? A. B. C. D. A new resource partner should be added and configured. A Claims-aware application should be added and configured. A new account store should be added and configured. A new account partner should be added and configured.

Answer: C Section: (none) Explanation/Reference:

QUESTION 147 You want to deploy an application by using Group Policy to client computers in the headquarters and in a branch office. The branch office is connected to the headquarters with a wide area network connection that is 364 kbps. What steps must you take to deploy the software? (Choose two. Each correct answer is part of the solution.) A. Create a GPO that applies to all client computers in the headquarters and branch office. In the GPO, create a software package in the User Configuration node that assigns the application. B. Create a GPO that applies to all client computers in the headquarters and branch office. In the GPO, create a software package in the Computer Configuration node that assigns the application.

C. In a GPO that applies to all computers, configure the slow link detection policy connection speed in the User Configuration node to 256 kbps. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----D. In a GPO that applies to computers in the branch office, configure the slow link detection policy connection speed in the Computer Configuration node to 256 kbps. E. In a GPO that applies to computers in the branch office, configure the slow link detection policy connection speed in the Computer Configuration node to 1,000 kbps. Answer: BD Section: (none) Explanation/Reference:

QUESTION 148 You are hired as the network administrator in your company. The headquarters of your company is located in New York. Now your company builds its branch in Washington. There is a single-domain Active Directory forest in your company. All servers run Windows Server2008. Server01 and Server02 work as the Domain Controller in the main office while Server03 works as a Windows Server 2008 read-only domain controller (RODC) in the branch office. All domain controllers hold the DNS Server role and are configured as Active Directory-integrated zones. The DNS zones only allow secure updates. You must make sure to enable dynamic DNS updates on Server03. What should you do? A. B. C. D. Run the Ntdsutil.exe > DS Behavior commands on DC3. Run the Dnscmd.exe /ZoneResetType command on DC3. Reinstall Active Directory Domain Services on DC3 as a writable domain controller. Create a custom application directory partition on DC1. Configure the partition to store Active Directoryintegrated zones.

Answer: C Section: (none) Explanation/Reference:

QUESTION 149 You are hired as the network administrator in your company. All the servers in your company run windows 2008. The network of your company consists of an Active Directory forest that contains one domain. There is an Active Directory-integrated zone with two Active Directory sites in the domain. Each site contains two domain controllers. All domain controllers are configures as DNS servers.

You are assigned to deploy and implement a new NS record to the zone. You have to make sure that all domain controllers immediately receive the new NS record. What should you do to achieve this task? A. B. C. D. Execute repadmin/syncall from the command prompt Reload the zone from the DNS Manager console Create an SOA record from the DNS Manager console Shutdown and then, restart the DNS server service from services snap-in

Answer: A Section: (none) Explanation/Reference:

QUESTION 150 Your boss just informed you that your company will be participating in a joint venture with a partner company. He is very concerned about the fact that a trust relationship needs to be established with the partner company. He fears that an administrator in the other company might be able to masquerade as one of your administrators and grant himself privileges to resources. You assure him that your network and its Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----resources can be protected from an elevated privilege attack. Along with the other security precautions that you will take, what will you tell your boss that will help him rest easy about the upcoming scenario? A. The permissions set on the Security Account Manager (SAM) database will prevent the other administrators from being able to make changes. B. The SIDHistory attribute tracks all access from other domains. Their activities can be tracked in the System Monitor. C. The SIDHistory attribute from the partner's domain attaches the domain SID for identification. If an account from the other domain tries to elevate its own or another user's privilege, the SID filtering removes the SID in question. D. SID filtering tracks the domain of every user who accesses resources. The SIDHistory records this information and reports the attempts to the Security log in the Event Viewer. Answer: C Section: (none) Explanation/Reference:

QUESTION 151 In your domain, the Employees OU contains all user accounts. Each site has an OU within which a Sales OU contains accounts for the computers in the Sales department at that site. You want to deploy an

application so that it is available to all users in the organization's Sales departments. Which methods can you use? (Choose all that apply.) A. Create a GPO linked to the domain. Create a group containing all Sales users. Filter the GPO so that it applies only to the group. In the GPO's User Configuration policies, create a software package that assigns the application. B. Create a GPO linked to each site's Sales OU. In the GPO's User Configuration policies, create a software package that assigns the application. C. Create a GPO linked to the domain. Create a group containing all Sales users. Filter the GPO so that it applies only to the group. In the GPO's Computer Configuration policies, create a software package that assigns the application. D. Create a GPO linked to each site?0100110010014301001100100154s Sales OU. In the GPO User Configuration policies, create a software package that assigns the application. In the GPO's Computer Configuration, enable loopback policy processing in merge mode Answer: AD Section: (none) Explanation/Reference:

QUESTION 152 You are hired as the network administrator in your company. Your company has an Active Directory forest with six domains. The company has 5 sites. The company requires a new distributed application that uses a custom application directory partition named ResData for data replication. The application is installed on one member server in five sites. You need to configure the five member servers to receive the ResData application directory partition for data replication. What should you do? A. Run the Dcpromo utility on the five member servers Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----B. Run the Regsvr32 command on the five member servers C. Run the Wbadmin command on the five member servers D. Run the RacAgent utility on the five member servers Answer: A Section: (none) Explanation/Reference:

QUESTION 153 You are hired as the network administrator in your company. Your company network has an Active

Directory forest that contains one parent domain and one child domain. The child domain has two domain controllers that run Windows Server 2008. All user accounts from the child domain are migrated to the parent domain. The child domain is scheduled to be decommissioned. You need to remove the child domain from the Active Directory forest. What are two possible ways to achieve this goal? (Choose two answers. Each answer is part of the complete solution.) A. Use Server Manager on both domain controllers in the child domain to uninstall the Active Directory domain services role. B. Run the Dcpromo tool that has individual answer files on each domain controller in the child domain. C. Delete the computer accounts for each domain controller in the child domain. Remove the trust relationship between the parent domain and the child domain. D. Run the Computer Management console to stop the Domain Controller service on both domain controllers in the child domain. Answer: AB Section: (none) Explanation/Reference:

QUESTION 154 Your organization consists of ten branch offices. Within your Active Directory, an Employees OU is divided into ten child OUs containing user accounts at each branch office. You want to deploy an application to users at four branches. The application should be fully installed before the user opens the application for the first time. Which steps should you take? (Choose four. Each correct answer is a part of the solution.) A. B. C. D. Create a software deployment GPO linked to the Employees OU. Create a package in the User Configuration polices that publishes the application. Select the Install This Application At Logon deployment option. Create a shadow group that includes the users in the four branches. Filter the software deployment GPO so that it applies only to the shadow group. E. Create a package in the User Configuration policies that assigns the application. F. Select the Required Upgrade For Existing Packages option Answer: ACDE Section: (none) Explanation/Reference:

QUESTION 155 Robin is managing an Active Directory environment of a medium-size company. He is troubleshooting a problem with the Active Directory. One of the administrators made an update to a user object and another reported that he had not seen the changes appear on another DC. It was more than a week since the Need

Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----change was made Robin checks the problem by making a change to another Active Directory object. Within a few hours, the change appears on a few DCs, but not on all of them. Which of the following is a possible cause for this problem? A. B. C. D. Connection objects are not properly configured. Robin has configured one of the DCs for manual updates. There might be different DCs for different domains. Creation of multiple site links between the sites.

Answer: A Section: (none) Explanation/Reference:

QUESTION 156 You are hired as the network administrator in your company. In your company there's a server named Server01 that runs Windows Server 2008. You company has an Active Directory forest with single domain. Server01 works as the Domain Controller with Active Directory Federation Services (AD FS) role installed. Some other applications are also hosted on its perimeter network. The organization wants single sign-on to all applications hosted on perimeter network. You are required to configure the AD FS trust policy to populate AD FS tokens with employee's information from Active directory domain. What should you do? A. B. C. D. Add and configure a new application Add and configure a new account store Add and configure a new account partner Add and configure a new organization claim

Answer: B Section: (none) Explanation/Reference:

QUESTION 157 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active

Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in the company. A Windows Server 2008 is run by all servers. An Enterprise Root certificate authority (CA) is used by your company. You have to make sure that revoked certificate information is highly available. So what action should you perform? A. You should use a Group Policy Object (GPO) to publish the trusted certificate authorities list to the domain. B. You should use Network Load Balancing to implement an Online Certificate Status Protocol (OCSP) responder. C. You should create a new Group Policy Object (GPO) that allows users to trust peer certificates. The GPO should be linked to the domain. D. You should use an Internet Security and Acceleration Server array to implement an Online Certificate Status Protocol (OCSP) responder. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Answer: B Section: (none) Explanation/Reference:

QUESTION 158 You are concerned that an individual is trying to gain access to computers by logging on with valid domain user names and a variety of attempted passwords. Which audit policy should you configure and monitor for such activities? A. B. C. D. E. Logon Event failures Directory Service Access failures Privilege Use successes Account Logon Event failures Account Management failures

Answer: D Section: (none) Explanation/Reference:

QUESTION 159 You want to audit changes to attributes of user accounts used by administrators in your organization. When a change is made, you want to see both the previous and changed values of the attribute. What must you do to achieve your goal?

A. B. C. D.

Define Account Management audit policy. Use the Auditpol.exe command. Enable Privilege Use auditing. Define Directory Service Access audit policy.

Answer: B Section: (none) Explanation/Reference:

QUESTION 160 You are hired as the network administrator in your company. Your company has an Active Directory domain which runs Windows Server 2008. A user attempts to log on to the domain from the client computer using his account. He receives the following message: "This account has expired. Contact your administrator to reactivate the account" What should you do to ensure that the user is able to log on to the domain using his account? A. Open the properties of the user account and change the option to "Never Expire" B. Open the properties of the user account and extend the Logon Hours setting C. Open the properties of the user account and modify the default domain policy to decrease the duration of account lockout. D. Change the password option to never expire in the user account properties Answer: A Section: (none) Explanation/Reference:

QUESTION 161 Darien is a new member of the Web Services team at your company. He is going to be responsible for running and testing scripts for an in-house homegrown application which requires a special application that is deployed via Group Policy. The first time he logs on to the domain he does not receive the software Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----package. You verify that his user account is in the proper OU. What could be causing Darien not to receive the GPO with the software policy? A. Security filtering has been enabled on the GPO and Darien is not a member of the proper group B. WMI Filtering has been enabled on the GPO and Darien is not a member of the proper group

C. Darien must be a local administrator on his machine to download a GPO with a software package in it D. Darien's user account has Block Inheritance configured on it and therefore he cannot download the policy Answer: A Section: (none) Explanation/Reference:

QUESTION 162 Your organization includes 10 file servers, which have computer accounts in the Servers OU of your domain. A GPO named Server Configuration is linked to the Servers OU. On five of the servers, a folder called Confidential Data exists. You have hired a team of consultants to assist on a project, and you want to ensure that those consultants cannot access the Confidential Data folder. You configure permissions on the folder to prevent access by consultants, and you want to audit any attempt by consultants to open or manipulate the folder. Which steps must you take? (Choose three. Each correct answer is part of the solution.) A. B. C. D. E. F. G. Add audit entries to the Confidential Data folder to audit successful Full Control access. Evaluate entries in the Security logs on the domain controllers. Define the Audit Directory Service Access policy in the Server Configuration GPO. Define the Audit Object Access policy in the Default Domain Controllers GPO. Define the Audit Object Access policy in the Server Configuration GPO. Evaluate entries in the Security logs on each file server. Add audit entries to the Confidential Data folder to audit failed Full Control access.

Answer: EFG Section: (none) Explanation/Reference:

QUESTION 163 Hi-tech has an Active Directory forest with single domain. Some other applications are also hosted on its perimeter network. The organization wants single sign-on to all applications hosted on perimeter network. The company has a domain member server with Active Directory Federation Services (AD FS) role installed. You are required to configure the AD FS trust policy to populate AD FS tokens with employee's information from Active directory domain. What should you do? A. Add and configure a new account store B. Add and configure a new organization claim

C. Add and configure a new account partner D. Add and configure a new application Answer: A Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 164 You are an administrator at Tailspin Toys. Your Active Directory domain includes an OU called Service Accounts that contains all user accounts. Because you have configured service accounts with passwords that never expire, you want to apply a password policy that requires passwords of at least 40 characters. Which of the following steps should you perform? (Choose all that apply. Each correct answer is part of the solution.) A. B. C. D. E. Set the Minimum Password Length policy in the Default Domain Policy GPO. Link a PSO to the Service Accounts OU. Create a group called Service Accounts. Link a PSO to the Service Accounts group. Add all service accounts as members of the Service Accounts group.

Answer: CDE Section: (none) Explanation/Reference:

QUESTION 165 As an administrator at You are hired as the network administrator in your company. Your company, you have installed an Active Directory forest that has a single domain. You have installed an Active Directory Federation services (AD FS) on the domain member server. What should you do to configure AD FS to make sure that AD FS token contains information from the active directory domain? A. B. C. D. Add a new account store and configure it Add a new resource partner and configure it Add a new resource store and configure it Add a new administrator account on AD FS and configure it

Answer: A Section: (none)

Explanation/Reference:

QUESTION 166 SueyDog Enterprises will soon be deploying Microsoft Office Communicator into its environment. All of its DCs are running Windows Server 2008. Their administrator, Matthew, is attempting to prepare for the new product by creating a GPO and exploring the available settings. He creates a new policy and proceeds to expand each section of the policy, looking for the section containing the Microsoft Office Communicator settings. He can't seem to locate the settings for Microsoft Office Communicator. What should Matthew do to gain the settings he seeks? A. B. C. D. Download the appropriate .adm file and import it into the new GPO Install Microsoft Office Communicator on the DC to make the setting available Download the appropriate .admx file and import it into the new GPO Download the appropriate .adm file and place it in the Central Store

Answer: A Section: (none) Explanation/Reference:

QUESTION 167 You want to configure account lockout policy so that a locked account will not be unlocked Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----automatically. Rather, you want to require an administrator to unlock the account. Which configuration change should you make? A. B. C. D. Configure the Account Lockout Duration policy setting to 100. Configure the Account Lockout Duration policy setting to 1. Configure the Account Lockout Threshold to 0. Configure the Account Lockout Duration policy setting to 0.

Answer: D Section: (none) Explanation/Reference:

QUESTION 168

You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. The company locates in three different places. An organizational unit and a child organizational unit named Sales are included by each location. All users and computers of the sales department are included by the Sales organizational unit. A Microsoft Office 2007 application should be deployed on all computers within the three Sales organizational units. According to the company requirements, you should make sure that the Office 2007 application can only be installed on the computers in the Sales organizational units. Which action should be performed to achieve the goal? A. A Group Policy Object (GPO) named SalesAPP GPO. And then, the GPO should be configured to publish the application to the user account. At last, the SalesAPP GPO should be linked to to the Sales organizational unit in each location. B. A Group Policy Object (GPO) named SalesAPP GPO. And then, the GPO should be configured to assign the application to the computer account. At last, the SalesAPP GPO should be linked to to the Sales organizational unit in each location. C. A Group Policy Object (GPO) named SalesAPP GPO should be created. And then, the GPO should be configured to assign the application to the computer account. At last, the SalesAPP GPO should be linked to the domain. D. A Group Policy Object (GPO) named SalesAPP GPO should be created. And then, the GPO should be configured to assign the application to the user account. At last, the SalesAPP GPO should be linked to to the Sales organizational unit in each location. Answer: B Section: (none) Explanation/Reference:

QUESTION 169 You are hired as the network administrator in your company. Your company has an Active Directory forest. There is one main office and branch office in two different locations. Both of the locations have an organizational unit. Hi-tech has instructed you to ensure that the branch office administrators are able to create and apply GPOs only to their respective organizational unit. Which two actions should you perform to achieve this task? Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----A. Add branch administrators for each organizational unit in the Managed By Tab settings. B. Add the branch office administrators user accounts in the Group Policy Creator Owners Group

C. Execute the Delegation of Control Wizard and delegate the right to link GPOs for their branch organizational units to the branch administrators D. Execute the Delegation of Control Wizard and delegate the right to links GPOs for the domain to the branch office administrators Answer: BC Section: (none) Explanation/Reference:

QUESTION 170 As you evaluate the password settings objects in your domain, you discover a PSO named PSO1 with a precedence value of 1 that is linked to a group named Help Desk. Another PSO, named PSO2,with a precedence value of 99, is linked to a group named Support. Mike Danseglio is a member of both the Help Desk and Support groups. You discover that two PSOs are linked directly to Mike.PSO3 has a precedence value of 50, and PSO4 has a precedence value of 200. Which PSO is the resultant PSO for Mike? A. B. C. D. PSO1 PSO2 PSO3 PSO4

Answer: C Section: (none) Explanation/Reference:

QUESTION 171 You are hired as the network administrator in your company. Your company has an Active Directory domain running Windows Server 2008. The Finance OU (organizational unit) contains an OU for computers, an OU for groups and an OU for users. As per company policy, you perform daily backups. Another administrator mistakenly deletes the groups OU. You have to restore the Groups OU without affecting users and computers in the Finance OU. What should you do to achieve this task? A. B. C. D. Perform an authoritative restore of the Groups OU Perform a complete restore of the Finance OU Perform a non-authoritative restore of the Finance OU Perform a non-authoritative restore of the Groups OU

Answer: A Section: (none) Explanation/Reference:

QUESTION 172 You work for a large hospital. The main users in the hospital are nurses and doctors. Because they are always on the go, you set up kiosk stations throughout the hospital for them to log on to and check Web mail or access applications. The kiosks share one user logon and the nurses and doctors use their personal accounts to gain access to resources via a browser interface which prompts them for credentials. One morning a nurse logs onto a kiosk machine and is greeted by extremely offensive wallpaper. How would you utilize Group Policy to prevent this from happening in the future? Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----A. Create a Group Policy and apply it to the nurses' user accounts. Disable Display Settings. B. Create a Group Policy and apply it to the nurses' user accounts. Configure Loopback Processing in Replace mode. C. Create a Group Policy and apply it to the kiosk machines. Configure the wallpaper to the company logo and disable Display Settings. D. Create a Group Policy and apply it to the kiosk machines. Configure Loopback Processing in Replace mode. Answer: D Section: (none) Explanation/Reference:

QUESTION 173 You want to obtain a log that will help you isolate the times of day that failed logons are causing a user's account to be locked out. Which policy should you configure? A. Define the Audit Account Logon Events policy setting for Success events in the Default Domain Policy GPO. B. Define the Audit Account Logon Events policy setting for Failure events in the Default Domain Policy GPO. C. Define the Audit Logon Events policy setting for Success events in the Default Domain Policy GPO. D. Define the Audit Logon Events policy setting for Failure events in the Default Domain Policy GPO. Answer: B Section: (none) Explanation/Reference:

QUESTION 174

You are hired as the network administrator in your company. You are assigned to relocate the existing user and computer objects in your company to different organizational units. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.) A. B. C. D. Run the Dsmod utility. Run the Active Directory Migration Tool (ADMT). Run the Active Directory Users and Computers utility. Run the move-item command in the Microsoft Windows PowerShell utility.

Answer: AC Section: (none) Explanation/Reference:

QUESTION 175 You want to keep track of when users log on to computers in the human resources department of Adventure Works. Which of the following methods will enable you to obtain this information? A. Configure the policy setting to audit successful account logon events in the Default Domain Controllers GPO. Examine the event log of the first domain controller you installed in the domain. B. Configure the policy setting to audit successful logon events in a GPO linked to the OU containing user accounts for employees in the human resources department. Examine the event logs of each computer in the human resources department. C. Configure the policy setting to audit successful logon events in a GPO linked to the OU containing Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----computer accounts in the human resources department. Examine the event logs of each computer in the human resources department. D. Configure the policy setting to audit successful account logon events in a GPO linked to the OU containing computer accounts in the human resources department. Examine the event logs of each domain controller. Answer: C Section: (none) Explanation/Reference:

QUESTION 176 You are hired as the network administrator in your company. Your company has an Active Directory domain which runs Windows Server 2008. A user attempts to log on to the domain from the client computer using his account. He receives the following message: "This account has expired. Contact your administrator to reactivate the account".

What should you do to ensure that the user is able to log on to the domain using his account? A. Open the properties of the user account and change the option to "Never Expire" B. Open the properties of the user account and extend the Logon Hours setting C. Open the properties of the user account and modify the default domain policy to decrease the duration of account lockout. D. Change the password option to never expire in the user account properties Answer: A Section: (none) Explanation/Reference:

QUESTION 177 The CIO has asked you to configure a GPO that will ensure that antivirus software is installed on every computer in the company. You are the most senior administrator in the company and have full access to every computer, and to Active Directory. Your company has a single domain and site. Which one of the following actions do you take? A. You configure a GPO at the domain level, and publish the application to all computers B. You configure a GPO at the site level, and assign the application to all computers C. You create a GPO with the required settings and link it into all OUs that have computer accounts in it. You set the options to assign the application to computers. D. You tell him it cannot be done. Answer: D Section: (none) Explanation/Reference:

QUESTION 178 Your domain consists of five domain controllers, one of which is running Windows Server 2008. All other DCs are running Windows Server 2003. What must you do before installing a read-only domain controller? A. Upgrade all domain controllers to Windows Server 2008. B. Run Adprep /rodcprep. C. Run Dsmgmt. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----D. Run Dcpromo /unattend.

Answer: B Section: (none) Explanation/Reference:

QUESTION 179 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a head office and five branch offices in the company. The offices are connected by WAN links. The company has an Active Directory domain named wiikigo.com. Each branch office has a member server configured as a DNS server. All branch office DNS servers host a secondary zone for wiikigo.com. According to the company requirement, the wiikigo.com zone needs to be configured to resolve client queries for at least four days in the event that a WAN link fails. So what action should you perform? A. B. C. D. The Refresh interval option for the wiikigo.com zone should be configured to 4 days. The Minimum (default) TTL option for the wiikigo.com zone should be configured to 4 days. The Expire after option for the wiikigo.com zone should be configured to 4 days. The Retry interval option for the wiikigo.com zone should be configured to 4 days.

Answer: C Section: (none) Explanation/Reference:

QUESTION 180 You are hired as the network administrator in your company. Your company has an Active Directory forest. There is a main office and five branch offices. Each branch office has an organizational unit and a child organizational unit called Accounts. The Accounts organizational unit contains all users and computers of the accounts department. You are directed to install Peachtree application only on the computers in the finance organizational unit. To install the application, you create a GPO named FinanceApp. What should you do next to achieve this task? A. Create a GPO to assign application to the user groups in the accounts organizational unit. Link the FinanceApp GPO to the organizational unit. B. Create a GPO and assign the application to each computer account. Link the FinanceApp GPO to the Accounts organizational unit. C. Configure the GPO to assign the application to the computer account. Link the FinanceApp GPO to the organizational unit in each location

D. Configure the GPO to assign the application to the organizational unit. Link the FinanceApp GPO to the Accounts organizational unit. Answer: C Section: (none) Explanation/Reference:

QUESTION 181 During a recent burglary at a branch office of Tailspin Toys, the branch office RODC was stolen. Where can you find out which users' credentials were stored on the RODC? A. The Policy Usage tab Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----B. The membership of the Allowed RODC Password Replication Group C. The membership of the Denied RODC Password Replication Group D. The Resultant Policy tab Answer: A Section: (none) Explanation/Reference:

QUESTION 182 You are hired as the network administrator in your company. Your company has an Active Directory forest containing eight linked GPOs. One of the eight GPOs publishes applications to user objects. One of the user reports that the application is not available for installation. You have to identity whether the GPO is applied. What should you do to achieve this task? A. B. C. D. Run the GPRESULT /SCOPE COMPUTER command at the command prompt. Run the GPRESULT /S <system name> /Z command at the command prompt. Run the Group Policy Results utility for the computer. Run the Group Policy Results utility for the user.

Answer: D Section: (none) Explanation/Reference:

QUESTION 183 Your company decided not to renew the license agreement for its contact management software. The

software is deployed on systems across many client computers in the company. A single GPO was configured to install the software, and was linked into multiple places in the Active Directory hierarchy to accommodate the various user groups that needed the program. You've gone into the GPO and removed the published object for the software. Now, the object is gone from the GPO but the application is still installed on the client computers. Which one of the following most likely explains what happened? A. B. C. D. You left the default option for removal enabled You selected the option to make the removal optional You selected the option to force removal You deleted the software object from the GPO but forgot to select the uninstall options first

Answer: B Section: (none) Explanation/Reference:

QUESTION 184 Next week, five users are relocating to one of the ten overseas branch offices of Litware, Inc. Each branch office contains an RODC. You want to ensure that when the users log on for the first time in the branch office, they do not experience problems authenticating over the WAN link to the data center. Which steps should you perform? (Choose all that apply.) A. B. C. D. Add the five users to the Allowed RODC Password Replication Group. Add the five users to the Password Replication Policy tab of the branch office RODC. Add the five users to the Log On Locally security policy of the Default Domain Controllers Policy GPO. Click Prepopulate Passwords.

Answer: BD Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 185 You are hired as the network administrator in your company. Your company has a group of consultants. All consultants belong to a global group named TempWorkers. You were advised to place three file servers in a new organizational unit named Secureserv. These file servers contain confidential data located in

shared folders. After placing the file servers, you need to record any failed attempts made by the consultants to access confidential data. Which of the following two actions should you perform to achieve this task? A. On each shared folder on the three file servers, add the TempWorkers global groups to the Auditing tab. configure the Failed Full control setting in the Auditing Entry dialog box. B. Create and link a new GPO to the SecureServ organizational unit. Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group. C. On each shared folder on the three file servers, add the three servers to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box. D. Create and link a new GPO to the SecureServ organizational unit. Configure the Audit privilege use Failure audit policy setting. E. Create and link a new GPO to the SecureServ organizational unit. Configure the Audit object access Failure audit policy setting. Answer: AE Section: (none) Explanation/Reference:

QUESTION 186 You are hired as the network administrator in your company. Your company has an organizational unit called subproduction. The organizational unit has a child organizational unit called Research. You create a GPO named Software Deployment and link it to the Production organizational unit. You create a shadow group for the Research organizational unit. You need to deploy an application to users in the subproduction organizational unit. You also need to ensure that the application is not deployed to users in the Research organizational unit. What are two possible ways to achieve this goal? (Choose two answers. Each answer is part of the complete solution) A. B. C. D. Configure the Enforce setting on the software deployment GPO. Configure the Block Inheritance setting on the subproduction organizational unit. Configure the Block Inheritance setting on the research organizational unit. Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the research security group.

Answer: CD Section: (none) Explanation/Reference:

QUESTION 187 You are an administrator for Hi-tech, Ltd. Your organization has decided to move to Windows Server

2008 and, because of your past experience, you have decided to create a new server implementation instead of upgrading your existing infrastructure. After the new infrastructure has been created, you will Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----move all data-accounts, directory settings, and more-to the new forest you will implement with Windows Server 2008. You have been asked to create the initial forest structure. This forest includes a root domain, a global child production domain, and a domain tree. The forest is named with a .net extension, and the domain tree uses a .ms extension to differentiate it from the production forest. You successfully create the forest root domain and the child domain, but when you come to the domain tree, you find that you cannot locate the domain tree option. What could be the problem? A. You cannot create a domain tree with the Active Directory Domain Services Installation Wizard. You must use the command-line Dcpromo.exe command to do so. B. You are not logged on with the appropriate credentials. C. You must return to the Welcome page of the wizard to select the Advanced mode of the wizard. D. The server you are using is not a member of the forest root domain. Answer: C Section: (none) Explanation/Reference:

QUESTION 188 This morning you deployed an application by assigning it to computers, and then many of the applications failed. On some systems the application installed just fine, on others it only partially installed, and on still others it failed very early in the process. You figured out what went wrong, and have modified the MSI file. Which one of the following should you do to correct the problem? A. B. C. D. You should do a forced removal of the software You should delete and re-create the deployment object in group policy You should redeploy the software You should begin manually troubleshooting the workstations that had problems

Answer: C Section: (none) Explanation/Reference:

QUESTION 189 You are an administrator for Hi-tech, Ltd. Your organization has decided to move to Windows Server 2008 and, because of your past experience, you have decided to create a new server implementation instead of upgrading your existing infrastructure. After the new infrastructure has been created, you will move all data-accounts, directory settings, and more-to the new forest you will implement with Windows Server 2008. You have been asked to create the initial forest structure. This forest includes a root domain, a global child production domain, and a domain tree. The forest is named with a .net extension, and the domain tree uses a .ms extension to differentiate it from the production forest. You successfully create the forest root domain and the child domain, but when you come to the domain tree, you find that you cannot create the delegation, no matter which options you try or which credentials you provide. What could be the problem? (Choose all that apply.) A. You must select the advanced mode of the wizard to create the delegation. B. You must create a manual delegation before creating the domain tree. C. You must tell the wizard to create the delegation during the creation of the domain tree and provide Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----appropriate credentials. D. You must tell the wizard to omit the creation of the delegation during the creation of the domain tree. E. You must create the delegation manually after the domain tree has been created. Answer: BD Section: (none) Explanation/Reference:

QUESTION 190 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in the company network. Two domains are contained in this forest. All servers run Windows Server 2008. All domain controllers are configured as DNS servers. You have a standard primary zone for dev.wiikigo.com that is stored on a member server. You have to make sure that all domain controllers can resolve names from the dev.wiikigo.com zone. What action should you perform?

A. A conditional forwarder should be created on one domain controller. The conditional forwarder should be configured to replicate to all DNS servers in the domain. B. A stub zone should be created on the member server. C. A NS record for each domain controller should be created on the member server. D. A conditional forwarder should be created on one domain controller. The conditional forwarder should be configured to replicate to all DNS servers in the forest. Answer: D Section: (none) Explanation/Reference:

QUESTION 191 You are hired as the network administrator in your company. Your company has an Active Directory domain with an organizational unit called Sales. This organizational unit hosts two global security groups named Sales directors and Sales executives. Hi-tech has instructed you to apply desktop restrictions to the sales executives group. However, the desktop restrictions should not be applied to the Sales directors group. You create a GPO named Desktop Lockdown and link it to the Sales organizational unit. What should you do next? A. B. C. D. Set the Deny Apply Group Policy permission for the Sales directors on the DesktopLockdown GPO Set the Deny Apply Group Policy permission for the Sales Executives on the DesktopLockdown GPO Set the Allow Apply Group Policy permission for the Local domain users on DesktopLockdown GPO Set the Allow Apply Group Policy permission for the Authenticated Users on DesktopLockdown GPO

Answer: A Section: (none) Explanation/Reference:

QUESTION 192 You are an administrator at Trey Research. The Trey Research forest consists of three domains, each of which includes two domain controllers running Windows Server 2003. You want to upgrade one of the domain controllers to Windows Server 2008. What must you do first? A. Upgrade the domain controller's operating system to Windows Server 2008. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----B. Run the Adprep.exe /domainprep /gpprep command. C. Run the Active Directory Domain Services Installation Wizard.

D. Run the Adprep.exe /forestprep command. E. Run the Adprep.exe /rodcprep command. Answer: D Section: (none) Explanation/Reference:

QUESTION 193 You work for a small accounting firm. Recently your boss, the owner of the company, read an article about weaknesses in password security. He's asked that you require everyone in the company to change his or her password every 30 days, and to have to use at least 12 different passwords per year. Which of the following settings do you configure in the Default Domain Policy? (Select all that apply.) A. B. C. D. You set the Maximum password age option to 30 You set the Enforce password history option to 12 You set the Minimum password age option to 15 You disable the Passwords must meet complexity requirements option

Answer: AC Section: (none) Explanation/Reference:

QUESTION 194 You are hired as the network administrator in your company. Your company has an Active Directory forest that contains Windows Server 2008 domain controllers and DNS servers. All client computers run Windows XP. You need to use your client computers to edit domain-based GPOs by using the ADMX files that are stored in the ADMX central store. What should you do? A. Add your account to the Domain Admins group. B. Create a folder on the Primary Domain Controller (PDC) emulator for the domain in the PolicyDefinitions path. Copy the ADMX files to the PolicyDefinitions folder. C. Upgrade your client computers to Windows Vista. D. Install .NET Framework 3.0 on your client computer. Answer: C Section: (none) Explanation/Reference:

QUESTION 195 You are an administrator at Hi-tech, Ltd. The domain was built using Windows Server 2008 domain

controllers. You want to improve authentication at a remote site by promoting a member server at the site to a read-only domain controller. There is no IT support at the site, so you want the site's manager to perform the promotion. You do not want to give her administrative credentials in the domain. Which steps must you or the manager take? (Choose all that apply. Each correct answer is part of the solution.) A. B. C. D. Run Adprep /rodcprep. Create the RODC account in the Domain Controllers OU. Run Dcpromo.exe with the UseExistingAccount option. Remove the server from the domain. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

Answer: BCD Section: (none) Explanation/Reference:

QUESTION 196 You are working in a Windows Server 2008 PKI and going over various user profiles that are subject to deletion due to company policy. The public keys for these users are stored under Documents and Settings\Administrator\System Certificates\My\Certificates and the private keys would be under Documents and Settings\Administrator\Crypto\RSA. You possess copies of the public keys in the registry, and in Active Directory. What effect will the deletion of the user profile have on the private key? A. B. C. D. It will have no effect. It will be replaced by the public key that is stored. The Private Key will be lost. None of the above.

Answer: C Section: (none) Explanation/Reference:

QUESTION 197 You are hired as the network administrator in your company. Your company has a network with a single Active Directory domain. There are two domain controllers installed which run Windows Server 2008. You have enabled the Audit account management policy and Audit directory services access settings for

the entire domain. You must ensure that the changes made to Active Directory objects are logged. The changes logged must show the old and new values of any attribute. What should you do to achieve this task? A. Enable the Audit Directory services access setting and directory service changes by accessing Default Domain Controllers policy B. Disable Audit account management policy and enable it again C. Execute auditpol.exe and configure the security settings of the domain controllers Organizational unit D. Execute Audipol.exe and disable the default domain policy Answer: C Section: (none) Explanation/Reference:

QUESTION 198 You want to promote a server to act as a domain controller, but you are concerned about the replication traffic that will occur during the promotion and its impact on the slow link between the server's site and the data center where all other domain controllers are located, so you choose to promote the server, using a backup of the directory from another domain controller. What must you do to create the installation media? A. B. C. D. Run Ntbackup.exe and select System State. Install the Windows Server Backup Features. Run Ntdsutil.exe in the IFM mode and use the Create Sysvol Full command. Copy ntds.dit and SYSVOL from a domain controller to a location in the remote site.

Answer: C Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 199 You are hired as the network administrator in your company. Your company has an Active Directory forest with a single domain. The domain has Windows Server 2008 at its functional level. You are instructed to create a global distribution group and add users to it. After creating the group and adding users, you create a shared folder on a Windows Server 2008 member server and place the global distribution group in

a domain local group that has access to the shared folder. What should you do to ensure that the users can access the shared folder? A. B. C. D. Rename the global distribution group to a universal distribution group Change the forest functional level to Windows Server 2008 Add Domain Administrators to the global distribution group Modify the group type of the global distribution group to a security group

Answer: D Section: (none) Explanation/Reference:

QUESTION 200 You are an administrator at Hi-tech, Ltd. The hi-tech.com domain consists of two sites. At the headquarters, one domain controller, named SERVER01, is a GC server and performs all five operations master roles. The second domain controller at the headquarters is named SERVER02. SERVER02 is not a GC and performs no operations master roles. At the branch office, the domain controller is named SERVER03, and it is a GC server. Which change to the operations master role placement must you make? A. B. C. D. E. Transfer the infrastructure master to SERVER03. Transfer the RID master to SERVER02. Transfer the schema master to SERVER02. Transfer the domain naming master to SERVER03. Transfer the infrastructure master to SERVER02.

Answer: E Section: (none) Explanation/Reference:

QUESTION 201 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in your company. All consultants belong to a global group named TempWorkers. The TempWorkers group is not nested in any other groups. You have the computer objects of three file servers moved to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders.

According to the company requirement, you have to prevent members of the TempWorkers group from accessing the confidential data on the file servers. When you try to achieve this, you must make sure that you do not affect access to other domain resources. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----So what action should you perform? A. A new GPO should be created and it should be linked to the SecureServers organizational unit. The Deny log on locally user right should be assigned to the TempWorkers global group. B. A new GPO should be created and it should be linked to the domain. The Deny log on locally user right should be assigned to the TempWorkers global group. C. A new GPO should be created and it should be linked to the domain. The Deny access to this computer should be assigned from the network user right to the TempWorkers global group. D. A new GPO should be created and it should be linked to the SecureServers organizational unit. The Deny access to this computer should be assigned from the network user right to the TempWorkers global group. Answer: D Section: (none) Explanation/Reference:

QUESTION 202 You are hired as the network administrator in your company. Your company network consists of a single Active Directory domain. The functional level of the forest is Windows Server 2008. You need to create multiple password policies for users in your domain. What should you do? A. B. C. D. From the ADSI Edit snap-in, create multiple Password Setting objects. From the Group Policy Management snap-in, create multiple Group Policy objects. From the Schema snap-in, create multiple class schema objects. From the Security Configuration Wizard, create multiple security policies.

Answer: A Section: (none) Explanation/Reference:

QUESTION 203 You are an administrator at Hi-tech, Ltd. The forest consists of two domains, hi-tech.com and windows.hi-tech.com. Currently, SERVER02.windows.hi-tech.com performs all five operations master roles. You are going to decommission the windows.hi-tech.com domain and move all accounts into hi-tech.com.

You want to transfer all operations masters to SERVER01.hi-tech.com. Which operations masters do you transfer? (Choose all that apply.) A. B. C. D. E. Infrastructure master PDC emulator RID master Schema master Domain naming master

Answer: DE Section: (none) Explanation/Reference:

QUESTION 204 You are browsing your company's e-commerce site using Internet Explorer 7 and have added a number of products to the shopping cart. You notice that there is a padlock symbol in the browser. By right clicking this symbol you will be able to view information concerning the site's: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----A. B. C. D. Private Key. Public Key. Information Architecture. Certificates.

Answer: D Section: (none) Explanation/Reference:

QUESTION 205 You are hired as the network administrator in your company. Your company has an Active Directory forest which runs Windows Server 2008. It has branch offices all around the world. The forest includes finance organizational units for an office in the following locations: New York London Amsterdam

Rome Each location has a child organizational unit named finance. The finance organizational unit hosts all the users and computers in the finance department. The offices in London and, Amsterdam and New York are connected by T1 connections. However, the office in Rome is connected by a 128-Kbps ISDN connection. The company has instructed you to install an application on all computers in the finance department. Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution) A. Create a Group Policy Object (GPO) named accountingtree Install that assigns the application to the computers. Link the GPO to each finance organizational unit B. Create a GPO named accounting tree install that assigns the application to each user in the organizational unit. Link the GPO to each finance organizational unit C. Change the slow link detection setting to 2,544 Kbps (T1) in the GPO D. Disable the slow link detection setting in the GPO Answer: AC Section: (none) Explanation/Reference:

QUESTION 206 You are an administrator at Hi-tech, Ltd. The hi-tech.com domain has five domain controllers. You want to move all domain operations masters to SERVER02.hi-tech.com. Which masters do you move? (Choose all that apply.) A. B. C. D. E. Infrastructure master PDC emulator RID master Schema master Domain naming master

Answer: ABC Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 207 Hi-tech.com has an Active Directory forest that hosts client computers running Windows Vista and

Windows XP. Hi-tech .com has directed you to ensure that users are able to install approved application updates on their computers. Which of the following two actions should you perform to achieve this task? (Choose two answers. Each answer is part of the complete solution) A. Create a GPO and link it to the domain. Configure the GPO to direct client computers to the Microsoft WSUS server for approved updates B. In the environment, install the Microsoft WSUS application on a server and configure the server to search for new updates on the internet. Configure it to approve all required updates. C. Configure automatic updates in the control panel of client computers D. Create a GPO and link it to the server. Configure the GPO to automatically search for updates on Microsoft update site Answer: AB Section: (none) Explanation/Reference:

QUESTION 208 You are an administrator at Trey Research. Your domain consists of three domain controllers, two running Windows Server 2008 and one running Windows Server 2003. The forest root domain has two domain controllers, both running Windows Server 2003. You want to replicate SYSVOL in your domain, using DFS-R. What steps must you take? (Choose all that apply. Each correct answer is part of the solution.) A. B. C. D. E. Upgrade the forest root domain controllers to Windows Server 2008. Configure the forest functional level to Windows Server 2008. Upgrade your Windows Server 2003 domain controller to Windows Server 2008. Configure the domain functional level of your domain to Windows Server 2008. Configure the domain functional level of the forest root domain to Windows Server 2008.

Answer: CD Section: (none) Explanation/Reference:

QUESTION 209 You are hired as the network administrator in your company. Your company has a network that consists of a single Active Directory domain. Windows Server 2008 is installed on all domain controllers in the network. You are instructed to capture all replication errors from all domain controllers to a central location. What should you do to achieve this task? A. Initiate the Active Directory Diagnostics data collector set

B. Set event log subscriptions and configure it C. Initiate the System Performance data collector set D. Create a new capture in the Network Monitor Answer: B Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 210 You are the administrator of your company's Windows Server 2008-based network and are attempting to enroll a smart card and configure it at an enrollment station. Which of the following certificates must be requested in order to accomplish this action? A. B. C. D. A machine certificate. An application certificate. A user certificate. All of the above.

Answer: C Section: (none) Explanation/Reference:

QUESTION 211 You are hired as the network administrator in your company. Your company has file server located in an organizational unit named Salaries. The files servers have salaries files in a folder named salaries. You create a GPO. You have to track which employees access the salaries files on the file servers. What should you do you achieve this task? A. Enable AUDIT object access option. Link the GPO to the Salaries organizational unit. On the file servers, configure Auditing for the Everyone group in the Payroll folder. B. Enable the Audit process tracking option. Link the GPO to the Payroll organizational unit. On the file servers, configure Auditing for the Everyone group in the Payroll folder. C. Enable the Audit object access option. Link the GPO to the domain. On the domain controllers, configure Auditing for the Authenticated Users group in the Payroll folder. D. Enable the Audit process tracking option. Link the GPO to the Domain Controllers organizational unit. On the file servers, configure Auditing for the Authenticated Users group in the Payroll folder. Answer: A Section: (none)

Explanation/Reference:

QUESTION 212 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. And a single domain is included by the Active Directory forest. An Active Directory Federation Services (AD FS) server role is installed on the domain member server. Since you are the technical support, you are required to have AD FS configured so as to make sure that information from the Active Directory domain is included by AD FS tokens. Which action should be performed to achieve the goal? A. B. C. D. To achieve the goal, a new resource partner should be added and configured. To achieve the goal, a Claims-aware application should be added and configured. To achieve the goal, a new account store should be added and configured. To achieve the goal, a new account partner should be added and configured.

Answer: C Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 213 You want to configure Active Directory so that replication of logon scripts is managed using DFS-R. Which command do you use? A. B. C. D. Dfsrmig.exe Repadmin.exe Dfsutil.exe Dfscmd.exe

Answer: A Section: (none) Explanation/Reference:

QUESTION 214 Two users, Dave and Dixine, wish to communicate privately. Dave and Dixine each own a key pair consisting of a public key and a private key. A public key was used to encrypt a message and the corresponding private key was used to decrypt. What is the major security issue with this scenario? A. Private keys are revealed during the initial transaction. B. Information encrypted with a public key can be decrypted too easily with out the private key. C. An attacker can intercept the data mid-stream, and replace the original signature with his or her own, using his private key. D. None of the Above Answer: C Section: (none) Explanation/Reference:

QUESTION 215 You are hired as the network administrator in your company. Your company has a domain controller that runs Windows Server 2008. The server is a backup server with a single 500-GB hard disk and has three partitions for the applications, operating system and data. As per company policy, you perform daily backups of the server. The hard disk fails and you replace the hard disk with a new one of same capacity. After restarting the computer on the installation media, you select repair your computer option. You want to restore the operating system and all the other files. What should you do to achieve this task? A. B. C. D. Do the startup repair Perform the System Restore At the command prompt, execute wbadmin utility Perform the Disk defragment

Answer: C Section: (none) Explanation/Reference:

QUESTION 216 Client computers in a branch office are performing poorly during logon. You notice that the computers report that their logon server is a domain controller in a remote site rather than the domain controller in the branch office itself. Which of the following could cause this problem? A. The branch office domain controller is not assigned to a site.

B. The branch office site is not assigned to a site link. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----C. The branch office IP address range is not associated with the site. D. The branch office subnet is assigned to two sites. Answer: C Section: (none) Explanation/Reference:

QUESTION 217 You are hired as the network administrator in your company. Your company has a single Active Directory domain and two domain controllers which run Windows Server 2008. Due to a problem, you need to reset the Directory Services Recovery Mode (DSRM) password on one domain controller. What tool should you use to achieve this task? A. B. C. D. E. Active Directory Security for Computers snap-in Netsh ntdsutil Domain Controller security snap-in All of the above

Answer: C Section: (none) Explanation/Reference:

QUESTION 218 You are responsible for performing backups on the DCs on your network. Your boss has requested that you conduct system state backups to DVD. How do you accomplish this? A. Run the Windows Server Backup Wizard, select System State Backup, and set your target to the DVD drive B. Run the Windows Server Backup Wizard, select a local drive as the target, and then copy the system state backup to the DVD drive C. Run the wbadmin.exe command with the start systemstatebackup command and target it to the DVD drive D. Run the wbadmin.exe command with the start systemstatebackup command, set the target to a local fixed drive, and then copy the system state backup to a DVD Answer: D Section: (none)

Explanation/Reference:

QUESTION 219 You are hired as the network administrator in your company. Your company has an Active Directory domain called ad. Hi-tech .com. There are two domain controllers on the network: Server01 and Server02. Other administrators try to log on to the domain controllers but their logon attempts fail. You have to identify the logon attempts on the domain controllers. What should you do to achieve this task? A. B. C. D. Check the security tab on the domain controller computer object Access the Event Viewer Check the security data on domain controller event viewer Execute netsh/events command on the command prompt

Answer: B Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 220 You are adding a read-only domain controller to a branch office location. You want to ensure that clients in the branch office are likely to authenticate with the RODC. What is required? (Choose all that apply.) A. B. C. D. E. A subnet object with the network prefix of the branch office IP address range An account for the domain controller in the organizational unit for the site A site link transport for the site A site object for the branch office A server object in the site object for the branch office

Answer: ADE Section: (none) Explanation/Reference:

QUESTION 221 You are the network administrator at your company. The Active Directory database file on one of your DCs is corrupt. You decide to perform a nonauthoritative restore on the DC. You reboot the server into DSRM and try to log on as the domain administrator but you cannot. You need to get this DC back up and

functioning as soon as possible. What can you do to achieve this? A. Log on to the server with another domain administrator's account B. Log on to the server using the local administrator's account C. Change the domain administrator's password from another DC and then log on using the account with the new password D. Log on using the DSRM administrator's account and password Answer: D Section: (none) Explanation/Reference:

QUESTION 222 As an administrator at You are hired as the network administrator in your company. Your company, you create 200 new user accounts. The users are located in six different sites. The users report that when they try to log on, they receive the following error message: "The username or password is incorrect" You confirm that the user accounts exist and are enabled. You also confirm that the username and password are correct too. You have to identity the cause of this failure. You also need to ensure that the new users are able to log on using their accounts. What should you do to achieve this task? A. B. C. D. Repadmin Rsdiag Active Directory Domains and Trusts Rstools

Answer: A Section: (none) Explanation/Reference:

QUESTION 223 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in the company. You have the domain controller logged on to. You find that you cannot access the Active Directory

Schema snap-in in the Microsoft Management Console (MMC). Since you are the technical support, you are required to make sure that the Active Directory Schema snap-in is available. Which action should you perform to achieve the goal? A. To achieve the goal, you should connect to the schema master operations master and open the schema for writing by utilizing the Ntdsutil.exe command. B. To achieve the goal, you should have the Active Directory Lightweight Directory Services (AD LDS) role added to the domain controller by utilizing Server Manager. C. To achieve the goal, you should register Schmmgmt.dll. D. To achieve the goal, you should utilize an account that is a member of the Schema Admins group to log off and log on again. Answer: C Section: (none) Explanation/Reference:

QUESTION 224 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a current Active Directory site named S01. You have a new Active Directory site created and name it S02. Since you are the technical support, you are required to configure Active Directory replication between S01 and S02. A new domain controller is installed. And the site link between S01 and S02 is created. To achieve the goal, which action should be performed next? A. To achieve the goal, the Active Directory Sites and Services console should be utilized to assign a new IP subnet to S02. And then, the new domain controller object should be migrated to S02. B. To achieve the goal, the Active Directory Sites and Services console should be utilized to configure the new domain controller as a preferred bridgehead server for S01. C. To achieve the goal, the Active Directory Sites and Services console should be utilized to configure a new site link bridge object. D. To achieve the goal, the Active Directory Sites and Services console should be utilized to decrease the site link cost between S01 and S02. Answer: A Section: (none) Explanation/Reference:

QUESTION 225 A branch office is connected to the data center with a slow link that is not reliable. You want to ensure

that the domain controller in the branch is able to authenticate users when it cannot contact a global catalog server. Which of the following should you configure? A. Read-only domain controller B. Application directory partition Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----C. Intersite replication D. Universal group membership caching Answer: D Section: (none) Explanation/Reference:

QUESTION 226 You are the domain administrator for your company. Your network consists of multiple DCs at multiple sites. A DC at your local site is having problems with replicating. You need to know when this DC last attempted to perform an inbound replication on the Active Directory partitions. How would you accomplish this? A. B. C. D. Open a command prompt on the DC and run ntdsutil Open a command prompt on the DC and run repadmin /replicate Open a command prompt on the DC and run repadmin /rodcpwdrepl Open a command prompt on the DC and run repadmin /showrepl

Answer: D Section: (none) Explanation/Reference:

QUESTION 227 You are hired as the network administrator in your company. Hi-tech .com runs Window Server 2008 on all of its servers. It has a single Active Directory domain and it uses Enterprise Certificate Authority. The security policy at Hi-tech .com makes it necessary to examine revoked certificate information. You need to make sure that the revoked certificate information is available at all times. What should you do to achieve that? A. Add and configure a new GPO (Group Policy Object) that enables users to accept peer certificates and link the GPO to the domain.

B. Configure and use a GPO to publish a list of trusted certificate authorities to the domain C. Configure and publish an OCSP (Online certificate status protocol) responder through ISAS (Internet Security and Acceleration Server) array. D. Use network load balancing and publish an OCSP responder Answer: D Section: (none) Explanation/Reference:

QUESTION 228 You are hired as the network administrator in your company. Your company has a server that runs Windows Server 2008. The Enterprise Root CA is also installed on the server. The Security policy prevents port 443 and port 80 from being opened on domain controllers and on the issuing CA. You have to allow users to request certificates from a web interface. To do that, you install AD CS role. What should you do next? A. B. C. D. Configure the Certification Authority Web Enrollment Role Service on a member server. Configure the Online Responder Role Service on a member server. Configure the Certification Authority Web Enrollment Role Service on a domain controller. Configure the Online Responder Role Service on a domain controller. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

Answer: A Section: (none) Explanation/Reference:

QUESTION 229 You are the administrator at Hi-tech, Ltd. The Hi-tech forest consists of three domains, each with four domain controllers. You are preparing to demote a domain controller in the forest root domain.You want to be sure that you do not permanently destroy any Active Directory partitions. Which of the following Active Directory partitions might exist only on that domain controller? (Choose all that apply.) A. B. C. D. E. Schema Configuration Domain Partial attribute set Application directory partition

Answer: DE Section: (none) Explanation/Reference:

QUESTION 230 You are hired as the network administrator in your company. Your company has an Active Directory domain. As an administrator, you plan to install the Active Directory Certificate Service (AD CS) role on a member server running Windows Server 2008. You have to make sure that the Account Operators group is able to issue smartcard credentials without being able to revoke certificate. Which of the following three actions should you perform to achieve this task? A. B. C. D. E. F. Restrict enrollment agents for the Smartcard logon certificate to the Account Operator group. Install the AD CS role and configure it as a Standalone CA. Restrict certificate managers for the Smartcard logon certificate to the Account Operator group. Install the AD CS role and configure it as an Enterprise Root CA. Create an Enrollment Agent certificate. Create a Smartcard logon certificate.

Answer: ADF Section: (none) Explanation/Reference:

QUESTION 231 You are hired as the network administrator in your company. Your company employs Windows Server 2008 Enterprise certificate authority (CA) to issue certificates. You're instructed to implement key archival. What should you do to achieve this task? A. B. C. D. On the server, archive the private key Configure Hisecdc security template Revoke the Enterprise subordinate CA and issue a user certificate to users of the encrypted files Configure the automatic enrollement for the computers that store encrypted files

Answer: A Section: (none) Explanation/Reference:

QUESTION 232 You are the domain administrator for your company. At your site you have a single DC that also acts as Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams!

100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----an application server. From 10:00 a.m. to 4:00 p.m., users complain about slow logons to the network and that accessing resources from this DC is incredibly slow during most of the workday. You log on to the DC, pull up the Task Manager, and notice that a process called CustApp.exe is using just more than 90% of the CPU cycles. The application must remain running during the day, but you also need to resolve the slow logon issues. There is no money in the budget for additional hardware. What is the best way to handle this situation? A. Go into the Windows System Resource Manager on the DC, and create a new recurring calendar event to start at 8:00 a.m. and end at 5:00 p.m. daily. Associate the event with the Equal_Per_Process policy. B. Go into the Task Manager and into the Processes tab. Find CustApp.exe and set the priority to Below Normal. C. Go into the Task Manager and into the Process tab. Find CustApp.exe and end the process. D. Purchase a second server to run only the CustApp.exe application Answer: A Section: (none) Explanation/Reference:

QUESTION 233 You are hired as the network administrator in your company. Your company has a server that runs Windows Server 2008. Primarily this server has certification services configured as a stand-alone Certification Authority (CA). As per company policy, you are required to audit changes to the CA configuration setting and the CA security settings. Which two actions should you perform to achieve this task? (Choose two answers. Each answer is part of the complete solution) A. Open the Certification services snap-in and configure auditing B. Enable and configure the Audit object Access setting in the local security policy for the certification services server C. Configure the certification services server to log successful and failed attempts to change permissions on files in %SYSTEM32%\CertSrv directory D. Open the Certification services snap-in and configure auditing for security settings Answer: AB Section: (none) Explanation/Reference:

QUESTION 234 You want to configure all the existing domain controllers in your forest as global catalog servers. Which tools can you use to achieve this goal? (Choose all that apply.) A. B. C. D. E. Dcpromo.exe Active Directory Domain Services Installation Wizard Active Directory Sites and Services snap-in Active Directory Users and Computers snap-in Active Directory Domains and Trusts snap-in

Answer: C Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 235 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. Nine new employees are hired by your company. The new employees should connect to the main office through a VPN connection. New user accounts are created and the new employees are granted the Allow Read and Allow Execute permissions to shared resources in the head office. Shared resources in the head office cannot be accessed by the new employees. Since you are the technical support, you are required to make sure that users are enabled to create a VPN connection to the head office. Which action should be performed to achieve the goal? A. To achieve the goal, the new employees should be added to the Windows Authorization Access security group. B. To achieve the goal, the new employees should be granted the Allow Full control permission. C. To achieve the goal, the new employees should be granted the Allow Access Dial-in permission. D. To achieve the goal, the new employees should be added to the Remote Desktop Users security group. Answer: C Section: (none) Explanation/Reference:

QUESTION 236 The network infrastructure at Trey Research prevents direct IP connectivity between the data center

and a research ship at sea. What must you do to support replication between the data center and the ship? A. B. C. D. Configure a separate domain in the forest for the ship. Increase the cost of the Active Directory site link containing the headquarters and the ship. Configure the domain controller on the ship as a preferred bridgehead server. Manually create a connection object between the domain controller on the ship and a domain controller at the headquarters.

Answer: A Section: (none) Explanation/Reference:

QUESTION 237 You are hired as the network administrator in your company. Your company has servers that run Windows Server 2008. You administer 2 servers named SERVER01 and SERVER02. You have installed the enterprise root certification authority (CA) on SERVER01 and Online Responder role service on SERVER02. You want the SERVER01 to support the online responder. What should you do to configure online responder on SERVER01? A. B. C. D. On SERVER01, configure Authority Information Access (AIA) extension Configure CertPublishers group on SERVER01 and SERVER02 Configure Dual Certificate List extension on SERVER01 and SERVER02 Create a conventional Group Policy Object (GPO) and import enterprise root CA certificate. Link the GPO to SERVER01

Answer: A Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 238 You want to initiate replication manually between two domain controllers to verify that replication is functioning correctly. Which of the following tools can you use? (Choose all that apply.) A. B. C. D. The Active Directory Sites And Services snap-in Repadmin.exe Dcdiag.exe The Active Directory Domains And Trusts snap-in

Answer: AB Section: (none) Explanation/Reference:

QUESTION 239 You are hired as the network administrator in your company. Your company runs Window Server 2008 on all of its servers. It has a single Active Directory domain and it uses Enterprise Certificate Authority. The security policy at Hi-tech.com makes it necessary to examine revoked certificate information. You need to make sure that the revoked certificate information is available at all times. What should you do to achieve that? A. Add and configure a new GPO (Group Policy Object) that enables users to accept peer certificates and link the GPO to the domain. B. Configure and use a GPO to publish a list of trusted certificate authorities to the domain C. Configure and publish an OCSP (Online certificate status protocol) responder through ISAS (Internet Security and Acceleration Server) array. D. Use network load balancing and publish an OCSP responder Answer: D Section: (none) Explanation/Reference:

QUESTION 240 You want to raise the domain functional level of a domain in the hi-tech.com forest. Which tool can you use? (Choose all that apply.) A. B. C. D. Active Directory Users And Computers Active Directory Schema Active Directory Sites And Services Active Directory Domains And Trusts

Answer: AD Section: (none) Explanation/Reference:

QUESTION 241 You are an administrator of the hi-tech.com domain. You want to add a read-only domain controller to a domain with one Windows Server 2003 domain controller and one Windows 2008 domain controller. Which of the following must be done before adding a new server as an RODC? (Choose all that apply. Each

correct answer is part of the solution.) A. Upgrade the Windows 2003 domain controller to Windows Server 2008. B. Raise the domain functional level to Windows Server 2003. C. Raise the domain functional level to Windows Server 2008. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----D. Raise the forest functional level to Windows Server 2003. E. Run Adprep /rodcprep. F. Run Adprep /forestprep. Answer: BDE Section: (none) Explanation/Reference:

QUESTION 242 You have just finished upgrading all domain controllers in the hi-tech.com domain to Windows Server 2008. Domain controllers in the subsidiary.hi-tech.com domain will be upgraded in three months. You want to configure fine-grained password policies for several groups of users in hi-tech.com. What must you do first? A. B. C. D. Install a read-only domain controller. Run Dfsrmig.exe. Raise the forest functional level. Install the Group Policy Management Console (GPMC) feature

Answer: C Section: (none) Explanation/Reference:

QUESTION 243 You are an administrator at Wingtip Toys, which has just acquired Tailspin Toys. You have created a one-way outgoing trust to enable users in the tailspintoys.com domain to access resources that have been moved into the wingtiptoys.com domain. Some users from tailspintoys.com are able to access the resources successfully, but other users are reporting that they are unable to gain access to the resources. You discover that the users having problems have worked for Tailspin Toys for eight or more years and that their accounts were migrated from a Windows NT 4.0 domain. What must you do to enable them to gain

access to the resources? (Choose all that apply.) A. Create accounts in the wingtiptoys.com domain with the same user names and passwords as their accounts in the tailspintoys.com domain. B. Rebuild the Windows NT 4.0 domain and upgrade a domain controller to Windows Server 2008. C. Run the Netdom trust command with the /verify parameter. D. Run the Netdom trust command with the /quarantine:no parameter. Answer: CD Section: (none) Explanation/Reference:

QUESTION 244 You are a systems administrator for hi-tech.com. You have been requested to compact the database on one of the two DCs for the forest root domain. However, when you try to stop the AD DS service, you find that you cannot stop it on the server you are working on. What could be the problem? A. B. C. D. You cannot stop the AD DS service on a Windows Server 2008 DC. Someone else is working on another DC in this domain. You must restart the server in Directory Services Restore Mode. You must use the net stop command to stop the AD DS service. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

Answer: B Section: (none) Explanation/Reference:

QUESTION 245 You are a systems administrator at hi-tech.com. As you log on to a DC to perform maintenance, you get the impression that server response is sluggish. You want to verify what is going on. Which tool should you use? (Choose all that apply.) A. B. C. D. Reliability Monitor Event Viewer Task Manager Performance Monitor

Answer: ABCD Section: (none)

Explanation/Reference:

QUESTION 246 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. A single Active Directory domain is contained by your network. Windows Server 2003 is run by all domain controllers. All domain controllers are upgraded to Windows Server 2008. Since you are the technical support, you are required to make sure that the Sysvol share replicates by utilizing DFS Replication (DFS-R). Which action should be performed to achieve the goal? A. B. C. D. From the command prompt, dfsutil /addroot:sysvol should be run. The functional level of the domain should be raised to Windows Server 2008. From the command prompt, dcpromo /unattend:unattendfile.xml should be run. From the command prompt, netdom /reset should be run.

Answer: B Section: (none) Explanation/Reference:

QUESTION 247 You are hired as the network administrator in your company. Your company has an Active Directory domain. As an administrator, you plan to install the Active Directory Certificate Service (AD CS) role on a member server running Windows Server 2008. You have to make sure that the Account Operators group is able to issue smartcard credentials without being able to revoke certificate. Which of the following three actions should you perform to achieve this task? A. B. C. D. E. F. Restrict enrollment agents for the Smartcard logon certificate to the Account Operator group. Install the AD CS role and configure it as a Standalone CA. Restrict certificate managers for the Smartcard logon certificate to the Account Operator group. Install the AD CS role and configure it as an Enterprise Root CA. Create an Enrollment Agent certificate. Create a Smartcard logon certificate.

Answer: ADF Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take

Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 248 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. You have a domain controller that runs the DHCP service. You need to perform an offline defragmentation of the Active Directory database on the domain controller. You must achieve this goal without affecting the availability of the DHCP service. What should you do? A. The Active Directory Domain Services service should be stopped. The Ntdsutil utility should be run. B. The domain controller should be restarted in Directory Services Restore Mode. The Ntdsutil utility should be run. C. The Active Directory Domain Services service should be stopped. The Disk Defragmenter utility should be run. D. The domain controller should be restarted in Directory Services Restore Mode. The Disk Defragmenter utility should be run. Answer: A Section: (none) Explanation/Reference:

QUESTION 249 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in the company. Windows Server 2008 is run by all servers. An Enterprise Root certification authority (CA) is run by your company. You have to make sure that only administrators can sign code. So what should you do? (Choose more than one) A. The security settings on the template should be modified to allow only administrators to request code signing certificates. B. The local computer policy of the Enterprise Root CA should be edited to allow only administrators to manage Trusted Publishers. C. The code signing template should be published. D. The local computer policy of the Enterprise Root CA should be edited to allow users to trust peer certificates and allow only administrators to apply the policy. Answer: AC

Section: (none) Explanation/Reference:

QUESTION 250 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in your company. An Enterprise Root certification authority (CA) is installed on a member server named S01. Since you are the technical support, you are required to make sure that only the Security Manager is Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----enabled to revoke certificates which are provided by S01. Which action should be performed to achieve the goal? A. To achieve the goal, the Allow - Manage CA permission should be assigned to only the Security Manager user account. B. To achieve the goal, the Allow - Issue and Manage Certificates permission should be assigned to only the Security Manager user account. C. To achieve the goal, the Request Certificates permission should be removed from the Domain Users group. D. To achieve the goal, the Request Certificates permission should be removed from the Authenticated Users group. Answer: B Section: (none) Explanation/Reference:

QUESTION 251 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in your company. And Windows Server 2008 is run by the Active Directory domain. An OU for Computers, an OU for Groups, and an OU for Users are included by the Sales OU. Nightly backups are performed. The Groups OU is deleted by an administrator. Since you are the technical support, you are required to restore the Groups OU, and users and computers in the Sales OU should not be affected. Which action should be performed to achieve the goal?

A. B. C. D.

To achieve the goal, a non-authoritative restore of the Groups OU should be performed. To achieve the goal, a non-authoritative restore of the Sales OU should be performed. To achieve the goal, an authoritative restore of the Sales OU should be performed. To achieve the goal, an authoritative restore of the Groups OU should be performed.

Answer: D Section: (none) Explanation/Reference:

QUESTION 252 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. An organizational unit and a child organizational unit named Sales are contained by each branch office. All users and computers of the sales department are included by the Sales organizational unit. Since you are the technical support, you are required to have a Microsoft Office 2007 application installed only on the computers in the Sales organizational unit. A GPO named SApplication GPO should be created. Which action should be performed next? A. The GPO should be configured to assign the application to the computer account. And then, the SApplication GPO should be linked to the domain. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----B. The GPO should be configured to assign the application to the user account. And then, the SApplication GPO should be linked to the Sales organizational unit in each location. C. The GPO should be configured to publish the application to the user account. And then, the SApplication GPO should be linked to the Sales organizational unit in each location. D. The GPO should be configured to assign the application to the computer account. And then, the SApplication GPO should be linked to the Sales organizational unit in each location. Answer: D Section: (none) Explanation/Reference:

QUESTION 253 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active

Directory infrastructure and maintaining Active Directory objects. It is reported by a user in a branch office of your company that he fails to join a computer to the domain. Since you are the technical support, you are required to enable the user to join a single computer to the domain. In addition, you should make sure that only rights which are necessary to finish the task should be given to the user. Which action should be performed to achieve the goal? A. To achieve the goal, the user to the Server Operators group should be added in the Active Directory domain. B. To achieve the goal, the user the right should be granted to log on locally by utilizing a Group Policy Object (GPO). C. To achieve the goal, the computer account should be prestaged in the Active Directory domain. D. To achieve the goal, the user to the Domain Administrators group should be added for one day. Answer: C Section: (none) Explanation/Reference:

QUESTION 254 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. A single Active Directory domain is contained by your network. And nine domain controllers are included by the domain. Windows Server 2008 is run by the domain controllers. In addition, the domain controllers are configured as DNS servers. A new Active Directory-integrated zone will be created. According to the company requirements, you should make sure that the new zone is only copied to four of your domain controllers. Which actions should be performed first? A. From the command prompt, dnscmd should be run and the /enlistdirectorypartition parameter should be specified. B. From the command prompt, dnscmd should be run and the /createdirectorypartition parameter should be specified. C. A new delegation should be created in the ForestDnsZones application directory partition. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----D. A new delegation should be created in the DomainDnsZones application directory partition. Answer: B Section: (none)

Explanation/Reference:

QUESTION 255 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a domain controller which runs Windows Server 2008. The domain controller has the Windows Server Backup feature installed. You have to use an existing backup file to perform a non-authoritative restore of the domain controller. So what action should you perform? A. The domain controller should be restarted in safe mode. Perform a critical volume restore by using the WBADMIN command. B. The domain controller should be restarted in safe mode. Perform a critical volume restore by using the Windows Server Backup snap-in. C. The domain controller should be restarted in Directory Services Restore Mode. Perform a critical volume restore by using the WBADMIN command. D. The domain controller should be restarted in Directory Services Restore Mode. Perform a critical volume restore by using the Windows Server Backup snap-in. Answer: C Section: (none) Explanation/Reference:

QUESTION 256 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a domain controller in the company, and the DHCP service is run by the controller. Since you are the technical support, you are required to have an offline defragmentation of the Active Directory database performed on the domain controller. In addition, the availability of the DHCP service should not be affected during the process. Which action should be performed to achieve the goal? A. To achieve the goal, the Active Directory Domain Services service should be stopped. And then, the Ntdsutil utility should be run. B. To achieve the goal, the Active Directory Domain Services service should be stopped. And then, the Disk Defragmenter utility should be run. C. To achieve the goal, the domain controller should be restarted in Directory Services Restore Mode. And then, the Disk Defragmenter utility should be run.

D. To achieve the goal, the domain controller should be restarted in Directory Services Restore Mode. And then, the Ntdsutil utility should be run. Answer: A Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 257 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. You are in charge of two servers named S01 and S02. Windows Server 2008 is run by both servers. S01 is configured as an enterprise root certification authority (CA). You have the Online Responder role service installed on S02. You have to configure S01 to support the Online Responder. So what action should you perform? A. B. C. D. The Authority Information Access (AIA) extension should be configured. S02 computer account should be added to the CertPublishers group. The enterprise root CA certificate should be imported. The Certificate Revocation List Distribution Point extension should be configured.

Answer: A Section: (none) Explanation/Reference:

QUESTION 258 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. An Active Directory forest is included by your network. And one domain named wiikigo.com is contained by the Active Directory forest. Windows Server 2008 is run by all domain controllers. In addition, all domain controllers are configured as DNS servers. There are two Active Directory-integrated zones: wiikigo.com and cosoto.com. According to the company requirements, you should make sure that a user can change records in the wiikigo.com zone. The user should be stopped from changing the SOA record in the cosoto.com zone. Which action should be

performed to achieve the goal? A. From the Active Directory Users and Computers console, the Delegation of Control Wizard should be run. B. From the Active Directory Users and Computers console, the permissions of the Domain Controllers organizational unit (OU) should be changed. C. From the DNS Manager console, the permissions of the wiikigo.com zone should be changed. D. From the DNS Manager console, the permissions of the cosoto.com zone should be changed. Answer: C Section: (none) Explanation/Reference:

QUESTION 259 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a head office and three branch offices in your company. The company configures each office as a separate Active Directory site, and the Active Directory site has its own domain controller. An account that has administrative rights should be disabled. Since you are the technical support, you are required to copy the disabled account information instantly to all sites. To accomplish the task, which two of the following options should be performed? Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----(Choose more than one.) A. To accomplish the task, the current connection objects and force replication should be chosen from the Active Directory Sites and Services console. B. To accomplish the task, all domain controllers should be configured as global catalog servers from the Active Directory Sites and Services console. C. To accomplish the task, Dsmod.exe should be utilized to configure all domain controllers as global catalog servers. D. To accomplish the task, Repadmin.exe should be utilized to force replication between the site connection objects. Answer: AD Section: (none) Explanation/Reference:

QUESTION 260 You work as a technology specialist in an international company named Wiikigo. Your major job is to

configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. A single Active Directory domain is contained by your network. Windows Server 2008 is run by all domain controllers. Since you are the technical support, you are required to have all replication errors captured from all domain controllers to a central location. Which action should be performed to achieve the goal? A. B. C. D. To achieve the goal, the Active Directory Diagnostics data collector set should be started. To achieve the goal, Network Monitor should be installed and a new a new capture should be created. To achieve the goal, event log subscriptions should be configured. To achieve the goal, the System Performance data collector set should be started.

Answer: C Section: (none) Explanation/Reference:

QUESTION 261 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a head office and 40 branch office in your company. Each branch office is configured as a separate Active Directory site which has a dedicated read-only domain controller (RODC). An RODC server is stolen from one of the branch offices. According to the company requirement, you have to identify the user accounts that were cached on the stolen RODC server. Which utility should be used? A. B. C. D. Ntdsutil.exe should be used. Dsmod.exe should be used. Active Directory Users and Computers should be used. Active Directory Sites and Services should be used.

Answer: C Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 262

You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a single Active Directory domain in the company network. User accounts for engineering department reside in an OU named Engineering. According to the company requirement, you have to create a password policy for the engineering department that is different from your domain password policy. So what action should you perform? A. A domain local security group should be created and all the user accounts for the engineering department should be added to the group. Choose the group and run the Delegation of Control Wizard from the Active Directory Users and Computer console. B. A new GPO should be created. The GPO should be linked to the Engineering OU. C. A new GPO should be created. The GPO should be linked to the domain. Block policy inheritance on all OUs except for the Engineering OU. D. A global security group should be created and all the user accounts for the engineering department should be added to the group. A new Password Policy Object (PSO) should be created and it should be applied to the group. Answer: D Section: (none) Explanation/Reference:

QUESTION 263 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. The company has offices that are located in Asian and Europe. There is an Active Directory forest in this company. This forest contains three domains. Now you receive an order from the company management. You are asked to cut down the time required to authenticate users from the labs.eu.wiikigo.com domain when they access resources in the eng.na.wiikigo.com domain. So what action should you perform? A. B. C. D. The replication interval for the DEFAULTIPSITELINK site link should be decreased. The replication interval for all Connection objects should be decreased. A one-way shortcut trust from labs.eu.wiikigo.com to eng.na.wiikigo.com should be set up. A one-way shortcut trust from eng.na.wiikigo.com to labs.eu.wiikigo.com should be set up.

Answer: D Section: (none) Explanation/Reference:

QUESTION 264 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain named wiikigo.com in your company. There are two DNS servers named DNS01 and DNS02 in the company network. The table below shows the configuration of the DNS servers.Domain users, who are configured to use Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----DNS02 as the preferred DNS server, cannot connect to Internet Web sites. According to the company requirement, you have to enable Internet name resolution for all client computers. So what action should you perform?

A. B. C. D.

The list of root hints servers on DNS02 should be updated. A copy of the .(root) zone on DNS01 should be created. The .(root) zone should be deleted from DNS02. Conditional forwarding on DNS02 should be configured. The Cache.dns file on DNS02 should be updated. Conditional forwarding on DNS01 should be configured.

Answer: C Section: (none) Explanation/Reference:

QUESTION 265 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a single Active Directory domain in the company network. Windows Server 2008 is run by all domain controllers. Auditing is configured to log changes made to the Managed By attribute on group objects in an organizational unit named OU1. You have to log changes made to the Description attribute on all group objects in OU1 only. So what action should you perform?

A. A new Group Policy object (GPO) should be created. The Audit account management policy setting should be enabled. The GPO should be linked to OU1. B. auditpol.exe should be run. C. The auditing entry for OU1 should be modified. D. The auditing entry for the domain should be modified. Answer: C Section: (none) Explanation/Reference:

QUESTION 266 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company network. One domain is contained in this forest. Windows Server 2008 is run by all domain controllers that are configured as DNS servers. You have an Active Directory-integrated zone and two Active Directory sites. There are five domain controllers in each site. You have a new NS record added to the zone. According to the company requirement, you have to make sure that all domain controllers immediately receive the new NS record. So what action should you perform? A. Run repadmin /syncall from the command prompt. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----B. Increase the version number of the SOA record from the DNS Manager console. C. Reload the zone from the DNS Manager console. D. Restart the DNS Server service from the Services snap-in. Answer: A Section: (none) Explanation/Reference:

QUESTION 267 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a server named S01 in the company. S01 runs Windows Server 2008. S01 runs an instance of Active Directory Lightweight Directory

Services (AD LDS). You need to replicate the AD LDS instance on a test computer that is located on the network. So what action should you perform? A. B. C. D. Run the Dsmgmt command on the test computer to create a naming context. Run the Dsmgmt command on the test computer to create a new directory partition. Run the AD LDS Setup wizard on the test computer to create and install a replica. The repadmin /kcc <servername> command should be run on the test computer.

Answer: C Section: (none) Explanation/Reference:

QUESTION 268 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. The company wants users to use a new User Principal Name (UPN) to log on to Active Directory. You are asked to modify the UPN suffix for all user accounts. Which tool should be used? A. B. C. D. Netdom should be used. Redirusr should be used. Dsmod should be used. Active Directory Domains and Trusts should be used.

Answer: C Section: (none) Explanation/Reference:

QUESTION 269 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. Since you are the technical support, you are required to have all failed logon attempts on the domain controllers identified. Which action should be performed to achieve the goal? A. To achieve the goal, the Security tab should be viewed on the domain controller computer object. B. To achieve the goal, Event Viewer should be run.

C. To achieve the goal, the Netlogon.log file should be viewed. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----D. To achieve the goal, the Security Configuration Wizard should be run. Answer: B Section: (none) Explanation/Reference:

QUESTION 270 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. A single Active Directory domain is included by your network. Windows Server 2008 is run by all domain controllers. Since you are the technical support, you are required to reset the Directory Services Recovery Mode (DSRM) password on a domain controller. From the following four tools, which one should be utilized to achieve the goal? A. B. C. D. To achieve the goal, local Users and Groups snap-in should be utilized. To achieve the goal, active Directory Users and Computers snap-in should be utilized. To achieve the goal, dsmod should be utilized. To achieve the goal, ntdsutil should be utilized.

Answer: D Section: (none) Explanation/Reference:

QUESTION 271 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. And a single domain is included by the Active Directory forest. An Active Directory Federation Services (AD FS) server role is installed on the domain member server. Since you are the technical support, you are required to configure AD FS so as to make sure that information from the Active Directory domain is included by AD FS tokens contain. Which action should be performed to achieve the goal? A. To achieve the goal, a new resource partner should be added and configured.

B. To achieve the goal, a Claims-aware application should be added and configured. C. To achieve the goal, a new account store should be added and configured. D. To achieve the goal, a new account partner should be added and configured. Answer: C Section: (none) Explanation/Reference:

QUESTION 272 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in your company. The company intends to have the Active Directory Certificate Service (AD CS) server role installed on a member server, and Windows Server 2008 is run by the server. Since you are the technical support, you are required to make sure that members of the Account Operators group should be enabled to have smartcard credentials issued. But they should not be enabled to have certificates revoked. To achieve the goal, which action should be performed? Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----(Choose more than one.) A. To achieve the goal, an Enrollment Agent certificate should be created. B. To achieve the goal, the AD CS server role should be installed and it should be configured as an Enterprise Root CA. C. To achieve the goal, the AD CS server role should be installed and it should be configured as a Standalone CA. D. To achieve the goal, enrollment agents for the Smartcard logon certificate should be restricted to the Account Operator group. E. To achieve the goal, certificate managers for the Smartcard logon certificate should be restricted to the Account Operator group. F. To achieve the goal, a Smartcard logon certificate should be created. Answer: BDF Section: (none) Explanation/Reference:

QUESTION 273 You work as a technology specialist in an international company named Wiikigo. Your major job is to

configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a head office and a branch office in the company. The offices are connected by a WAN link. There is an Active Directory forest in the company. A single domain named ad.wiikigo.com is contained in the forest. The ad.wiikigo.com domain contains one domain controller named DC01 that is located in the head office. DC01 is configured as a DNS server for the ad.wiikigo.com DNS zone. This zone is configured as a standard primary zone. You install a new domain controller named DC02 in the branch office. You install DNS on DC02. You have to make sure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails. So what action should you perform? A. B. C. D. The DNS server on DC02 should be configured to forward requests to DC01. A new standard secondary zone named ad.wiikigo.com should be created on DC02. The ad.wiikigo.com zone on DC01 should be converted to an Active Directory-integrated zone. In order to make sure of this, a new stub zone named ad.wiikigo.com should be created on DC02.

Answer: C Section: (none) Explanation/Reference:

QUESTION 274 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. An Active Directory Rights Management Services (AD RMS) server is contained by your company. Windows Vista is run by the users' computers. And the company configures an Active Directory domain at the Windows Server 2003 functional level. According to the company requirements, you should configure AD RMS so as to make sure that the users are enabled to protect their documents. Which action should be performed to achieve the goal? Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----A. To achieve the goal, an e-mail account should be created in Active Directory Domain Services (AD DS) for each RMS user. B. To achieve the goal, Active Directory domain should be upgraded to the functional level of Windows Server 2008. C. To achieve the goal, the AD RMS client 2.0 should be installed on each client computer.

D. To achieve the goal, the RMS service account should be added to the local administrators group on the AD RMS server. Answer: A Section: (none) Explanation/Reference:

QUESTION 275 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain, and Windows Server 2008 is run by the domain. You are required to implement a certification authority (CA) server, and the following requirements should be met. First, the certification authority should be permitted to automatically issue certificates Second, a certification authority (CA) server should integrate with Active Directory Domain Services Which action should be performed to achieve the goal? A. To achieve the goal, a certificate should be purchased from a third-party certification authority. And then, the certificate should be imported into the computer store of the schema master. B. To achieve the goal, the Active Directory Certificate Services server role should be installed and configured as a Standalone Root CA. C. To achieve the goal, the Active Directory Certificate Services server role should be installed and configured as an Enterprise Root CA. D. To achieve the goal, a certificate should be purchased from a third-party certification authority. And then, the Active Directory Certificate Services server role should be installed and configured as a Standalone Subordinate CA. Answer: C Section: (none) Explanation/Reference:

QUESTION 276 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. Since you are the technical support, you are required to have a read-only domain controller (RODC) deployed, and Windows Server 2008 is run by RODC. As you should choose a minimal forest functional level, which of the following should be utilized? A. Windows 2000 Native mode should be utilized.

B. Windows Server 2003 Native mode should be utilized. C. Windows Server 2008 should be utilized. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----D. Windows Server 2003 Interim mode should be utilized. Answer: B Section: (none) Explanation/Reference:

QUESTION 277 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There are file servers in your company, and they are located in an organizational unit named PRoll. PRoll files are included by file servers which are in a folder named PRoll. A GPO is created. Since you are the technical support, you are required to have the employees who access the PRoll files on the file servers tracked. Which action should be performed? A. The Audit process tracking option should be enabled. And then, the GPO should be linked to the PRoll organizational unit. At last, Auditing for the Everyone group in the PRoll folder should be configured on the file servers. B. The Audit object access option should be enabled. And then, the GPO should be linked to the PRoll organizational unit. At last, Auditing for the Everyone group in the PRoll folder should be configured on the file servers. C. The Audit object access option should be enabled. And then, the GPO should be linked to the domain. At last, Auditing for the Authenticated Users group in the PRoll folder should be configured on the domain controllers. D. The Audit process tracking option should be enabled. And then, the GPO should be linked to the Domain Controllers organizational unit. At last, Auditing for the Authenticated Users group in the PRoll folder should be configured on the file servers. Answer: B Section: (none) Explanation/Reference:

QUESTION 278 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active

Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in the company. You have a new domain controller installed in the domain. You receive report from twenty users saying that they cannot log on to the domain. You have to reregister the SRV records. Which command should you run on the new domain controller? A. B. C. D. The dnscmd /EnlistDirectoryPartition command should be run. The sc stop netlogon command should be run followed by the sc start netlogon command. The netsh interface reset command should be run. The ipconfig /flushdns command should be run.

Answer: B Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 279 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. In your company, there are three Active Directory domains in a single forest. A new Active Directoryenabled application is installed. New user attributes are added to the Active Directory schema by the application. You find that the Active Directory replication traffic to the Global Catalogs has raised. Since you are the technical support, you are required to stop the new attributes from being copied to the Global Catalog. The application functionality should not be affected. Which action should be performed to achieve the goal? A. To achieve the goal, the new attributes in the Active Directory schema should be marked as defunct. B. To achieve the goal, the properties in the Active Directory schema should be changed for the new attributes. C. To achieve the goal, the replication interval for the DEFAULTIPSITELINK object should be modified to 9990. D. To achieve the goal, the cost for the DEFAULTIPSITELINK object should be modified to 9990. Answer: B Section: (none) Explanation/Reference:

QUESTION 280 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. The company intends to have an Enterprise certification authority (CA) installed on a dedicated stand-alone server. When you try to have the Active Directory Certificate Services (AD CS) server role added, you find that the Enterprise CA option cannot be accessed. You are required to have the AD CS server role installed as an Enterprise CA. Which action should be performed to achieve the goal? A. To achieve the goal, the Web Server server role and the AD CS server role should be added. B. To achieve the goal, the Active Directory Lightweight Directory Services (AD LDS) server role should be added. C. To achieve the goal, the DNS Server server role should be added. D. To achieve the goal, the server should be joined to the domain. Answer: D Section: (none) Explanation/Reference:

QUESTION 281 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a single Active Directory domain in the company network. Ten domain controllers are contained in the domain. Windows Server 2008 is run by the domain controllers that are configured as DNS servers. You decide to create a new Active Directory-integrated zone. You have to make sure that the new zone is only replicated to four of your Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----domain controllers. What action should you perform first? A. B. C. D. Run dnscmd and specify the /enlistdirectorypartition parameter from the command prompt. Run dnscmd and specify the /createdirectorypartition parameter from the command prompt. A new delegation should be created in the ForestDnsZones application directory partition. A new delegation should be created in the DomainDnsZones application directory partition.

Answer: B Section: (none)

Explanation/Reference:

QUESTION 282 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a current Active Directory site named S01. A new Active Directory site named S02 is created. Since you are the technical support, you are required to configure Active Directory replication between S01 and S02. A new domain controller is installed. The site link between S01 and S02 is created. To achieve the goal, which action should be performed next? A. To achieve the goal, the Active Directory Sites and Services console should be utilized to reduce the site link cost between S01 and S02. B. The Active Directory Sites and Services console should be utilized to assign a new IP subnet to S02. And then, the new domain controller object should be migrated to S02. C. The Active Directory Sites and Services console should be utilized to configure the new domain controller as a preferred bridgehead server for S01. D. To achieve the goal, the Active Directory Sites and Services console should be utilized to configure a new site link bridge object. Answer: B Section: (none) Explanation/Reference:

QUESTION 283 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There are two domain controllers in your company, and both domain controllers are configured as internal DNS servers. You can see all zones on the DNS servers are Active Directory-integrated zones. All dynamic updates are permitted by the zone. You find a problem that there are multiple entries in the wiikigo.com zone for the host names of computers that do not exist. Therefore, you plan to configure the wiikigo.com zone to automatically move expired records. Which action should be performed to achieve the goal? A. To achieve the goal, the default expiration interval should be increased on the wiikigo.com zone from the Start of Authority tab. B. To achieve the goal, only secure updates should be enabled on the wiikigo.com zone.

C. To achieve the goal, scavenging should be enabled and the refresh interval should be configured on the wiikigo.com zone. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----D. To achieve the goal, the default refresh interval should be reduced on the wiikigo.com zone from the Start of Authority tab. Answer: C Section: (none) Explanation/Reference:

QUESTION 284 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. Shared folders are used by your company. Users are granted access to the shared folders by using domain local groups. Confidential data is contained in one of the shared folders. You have to make sure that unauthorized users cannot access the shared folder that contains confidential data. So what action should you perform? A. The unauthorized users should be instructed to use the Guest account to log on. Configure the Deny Full control permission on the shared folders that hold the confidential data for the Guest account. B. Use the Dsmod utility to enable the Do not trust this computer for delegation property on all the computers of unauthorized users. C. A Domain Local Group named Deny DLG should be created. The global group that contains the unauthorized users should be placed into the Deny DLG group. The Deny Full control permission should be configured on the shared folder that holds the confidential data for the Deny DLG group. D. A Global Group named Deny DLG should be created. The global group that contains the unauthorized users should be placed into the Deny DLG group. The Allow Full control permission should be configured on the shared folder that holds the confidential data for the Deny DLG group. Answer: C Section: (none) Explanation/Reference:

QUESTION 285 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. Three branch offices are contained by the company, and the branch offices are located in three

different places. An organizational unit is contained by each location. Since you are the technical support, you are required to make sure that the branch office administrators are enabled to create and apply GPOs only to their respective organizational units. Which actions should be performed to achieve the goal? (Choose more than one.) A. The Delegation of Control Wizard should be run and the right to link GPOs for the domain should be delegated to the branch office administrators. B. The Delegation of Control Wizard should be run and the right to link GPOs for their branch organizational units should be delegated to the branch office administrators. C. The user accounts of the branch office administrators should be added to the Group Policy Creator Owners Group. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----D. The Managed By tab in each organizational unit should be changed to add the branch office administrators to their respective organizational units. Answer: BC Section: (none) Explanation/Reference:

QUESTION 286 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in your company. And there is a two-tier PKI infrastructure which an offline root CA and an online issuing CA are contained. Windows Server 2008 is run by the Enterprise certification authority. According to the company requirements, you are required to make sure that users can have new certificates enrolled. Which action should be performed to achieve the goal? A. The issuing CA certificate should be imported into the Intermediate Certification Authorities store on all client workstations. B. To achieve the goal, the Certificate Revocation List (CRL) should be renewed on the root CA. And then, the CRL should be replicated to theCertEnroll folder on the issuing CA. C. The Certificate Revocation List (CRL) should be renewed on the issuing CA. And then, the CRL should be replicated to theSystemCertificates folder in the users profile. D. The root CA certificate should be imported into the Trusted Root Certification Authorities store on all client workstations. Answer: B Section: (none)

Explanation/Reference:

QUESTION 287 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. In the company, there are servers that run Windows Server 2008 and client computers that run Windows Vista. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements. There is an Active Directory forest that contains a single domain in your partner company. The company has servers that run Windows Server 2008 and client computers that run Windows Vista. According to the company requirement, your partner companys domain needs to be configured to use the approved set of administrative templates. So what action should you perform? A. Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. The ADM files should be copied to the PolicyDefinitions folder on the partner companys PDC emulator. B. You should back up the GPO to a file by using the Group Policy Management Console (GPMC) utility. In each site, import the GPO to the default domain policy. C. The ADMX files should be copied from your companys PDC emulator to the PolicyDefinitions folder on Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----the partner companys PDC emulator. D. The ADML files should be copied from your companys PDC emulator to the PolicyDefinitions folder on the partner companys PDC emulator. Answer: C Section: (none) Explanation/Reference:

QUESTION 288 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a head office and 9 branch offices in your company. An Active Directory site is contained by each branch office, and one domain controller is

included by the Active Directory site. The company configures only domain controllers in the head office as Global Catalog servers. Since you are the technical support, you are required to disable the Universal Group Membership Caching option on the domain controllers in the branch offices. As you should disable the disable the Universal Group Membership Caching option, which level should you choose? A. B. C. D. You should disable the Universal Group Membership Caching option at Connection object level. You should disable the Universal Group Membership Caching option at Site level. You should disable the Universal Group Membership Caching option at Server level. You should disable the Universal Group Membership Caching option at Domain level.

Answer: B Section: (none) Explanation/Reference:

QUESTION 289 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a single Active Directory domain in your company network. The forest plays in the functional level of Windows Server 2008. According to the company requirement, you have to create multiple password policies for users in your domain. So what action should you perform? A. B. C. D. Multiple security policies should be created from the Security Configuration Wizard. Multiple Group Policy objects should be created from the Group Policy Management snap-in. Multiple class schema objects should be created from the Schema snap-in. Multiple Password Setting objectss should be created from the ADSI Edit snap-in.

Answer: D Section: (none) Explanation/Reference:

QUESTION 290 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. A single Active Directory domain is included by your network. The functional level of the forest is Windows Server 2008. Since you are the technical support, you are required to have multiple password policies created for users

Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----in your domain. Which action should be performed to achieve the goal? A. B. C. D. From the Group Policy Management snap-in, multiple Group Policy objects should be created. From the Schema snap-in, multiple class schema objects should be created. From the ADSI Edit snap-in, multiple Password Setting objects should be created. From the Security Configuration Wizard, multiple security policies should be created.

Answer: C Section: (none) Explanation/Reference:

QUESTION 291 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a single Active Directory domain named intranet.wiikigo.com in your company. Windows Server 2008 is run by all domain controllers. The company configures the domain functional level and the forest functional level to Windows 2000 native mode. Since you are the technical support, you are required to make sure that the UPN suffix for wiikigo.com is available for user accounts. To achieve the goal, which action should be performed first? A. To achieve the goal, the new UPN suffix should be added to the forest. B. To achieve the goal, the Primary DNS Suffix option in the Default Domain Controllers Group Policy Object (GPO) should be modified to wiikigo.com. C. To achieve the goal, the wiikigo.com forest functional level should be raised to Windows Server 2003 or Windows Server 2008. D. To achieve the goal, the wiikigo.com domain functional level should be raised to Windows Server 2003 or Windows Server 2008. Answer: A Section: (none) Explanation/Reference:

QUESTION 292 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active

Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. This forest runs at the functional level of Windows Server 2008. You implement Active Directory Rights Management Services (AD RMS). Microsoft SQL Server 2005 is installed by you. When you try to open the AD RMS administration Web site, you receive the following error message: "SQL Server does not exist or access denied." You have to open the AD RMS administration Web site. So what should you do? (choose more than one) A. The Service Connection Point in Active Directory Domain Services (AD DS) should be deleted manually and AD RMS should be restarted. B. IIS should be restarted. C. Message Queuing should be installed. D. The MSSQLSVC service should be started. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Answer: BD Section: (none) Explanation/Reference:

QUESTION 293 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. 200 new user accounts are created by you. The users are located in six different sites. Now you receive report from new users. At the time that they attempt to log on, they receive the following error message when they try to log on: "The username or password is incorrect." You are sure that the user accounts exist and are enabled. You also confirm that the user name and password information supplied are correct. You need to find out the cause of the failure. Besides, you have to make sure that the new users are able to log on. Which utility should be run? A. B. C. D. Rstools should be run. Repadmin should be run. Rsdiag should be run. Active Directory Domains and Trusts should be run.

Answer: B Section: (none)

Explanation/Reference:

QUESTION 294 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in your company. An organizational unit named Sales is contained in this domain. There are two global security groups in this Sales organizational unit. The twp global grip[s are respectively named sales managers and sales executives. You have to apply desktop restrictions to the sales executives group. You must not apply these desktop restrictions to the sales managers group. After a GPO named DesktopLockdown is created and linked to the Sales organizational unit. What action should you perform next? A. The Deny Apply Group Policy permission should be configured for Authenticated Users on the DesktopLockdown GPO. B. The Allow Apply Group Policy permission should be configured for Authenticated Users on the DesktopLockdown GPO. C. The Deny Apply Group Policy permission should be configured for the sales managers on the DesktopLockdown GPO. D. The Deny Apply Group Policy permission should be configured for the sales executives on the DesktopLockdown GPO. Answer: C Section: (none) Explanation/Reference:

QUESTION 295 You work as a technology specialist in an international company named Wiikigo. Your major job is to Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a single Active Directory domain in your company network. All domain controllers run Windows Server 2008. You have to reset the Directory Services Recovery Mode (DSRM) password on a domain controller. What tool should be used? A. ntdsutil should be used.

B. Dsmod should be used. C. Local Users and Groups snap-in should be used. D. Active Directory Users and Computers snap-in should be used. Answer: A Section: (none) Explanation/Reference:

QUESTION 296 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. A single Active Directory domain is included by the network. Windows Server 2008 is run by all domain controllers. Since you are the technical support, you are required to track all duplication errors from all domain controllers to a central location. Which action should be performed to achieve the goal? A. B. C. D. To achieve the goal, Network Monitor should be installed and a new a new capture should be created. To achieve the goal, event log subscriptions should be configured. To achieve the goal, the System Performance data collector set should be started. To achieve the goal, the Active Directory Diagnostics data collector set should be started.

Answer: B Section: (none) Explanation/Reference:

QUESTION 297 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. You have a Windows Server 2008 which has the Active Directory Certificate Services server role installed. Since it takes a long time for client computers to download a certificate revocation list (CRL), you are asked to cut down the amount of time. So what action should you perform? A. An additional domain controller should be installed and configured. B. An Online Responder should be installed and configured. C. The Issuing CA certificate should be imported into the Trusted Root Certification Authorities store on all client workstations. D. The Root CA certificate should be imported into the Trusted Root Certification Authorities store on all client workstations.

Answer: B Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 298 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. All consultants are members of a global group named TWorkers. Three file servers are placed in a new organizational unit named Safeservers. Confidential data which is located in shared folders are included by the three file servers. Since you are the technical support, you are required to record any unsuccessful attempts made by the consultants to connect the confidential data. Which two actions should be performed to achieve the goal? (Choose more than one.) A. On each shared folder on the three file servers, the TWorkers global group should be added to the Auditing tab. And then, the Failed Full control setting should be configured in the Auditing Entry dialog box. B. A new GPO should be created and linked to the Safeservers organizational unit. And then, the Audit privilege use Failure audit policy setting should be configured. C. A new GPO should be created and linked to the Safeservers organizational unit. And then, the Audit object access Failure audit policy setting should be configured. D. A new GPO should be created and linked to the Safeservers organizational unit. And then, the Deny access to this computer from the network user rights setting should be configured for the TWorkers global group. E. On each shared folder on the three file servers, the three servers should be added to the Auditing tab. And then, the Failed Full control setting should be configured in the Auditing Entry dialog box. Answer: AC Section: (none) Explanation/Reference:

QUESTION 299 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company network. Windows Server 2008 is run by all domain controllers that are configured as DNS

servers. You have an Active Directory-integrated zone for wiikigo.com. You have a UNIX-based DNS server. Your Windows Server 2008 environment needs to be configured to allow zone transfers of the wiikigo.com zone to the UNIX-based DNS server. What action should you perform in the DNS Manager console? A. B. C. D. A secondary zone should be created. BIND secondaries should be enabled. You should disable recursion. A stub zone should be created.

Answer: B Section: (none) Explanation/Reference:

QUESTION 300 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Directory infrastructure and maintaining Active Directory objects. There is an existing Active Directory site named Site01. After you create a new Active Directory site, you name it Site02. Now you receive an order from the company management. According to the company requirement, you have to configure Active Directory replication between Site01 and Site02. After a new domain controller is installed by you, the site link between Site01 and Site02 is created. What action should you perform next? A. The new domain controller should be configured as a preferred bridgehead server for Site01 by using the Active Directory Sites and Services console. B. A new site link bridge object should be configured by using the Active Directory Sites and Services console. C. The site link cost between Site01 and Site02 should be decreased by using the Active Directory Sites and Services console. D. A new IP subnet should be assigned to Site02 by using the Active Directory Sites and Services console. The new domain controller object should be moved to Site02. Answer: D Section: (none) Explanation/Reference:

QUESTION 301 You work as a technology specialist in an international company named Wiikigo. Your major job is to

configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in the company. A user receives the following message when trying to log on to the domain from a client computer: "This user account has expired. Ask your administrator to reactivate the account." So what action should you perform? A. B. C. D. The properties of the user account should be modified to set the password to never expire. The default domain policy should be modified to decrease the account lockout duration. The properties of the user account should be modified to set the account to never expire. The properties of the user account should be modified to extend the Logon Hours setting.

Answer: C Section: (none) Explanation/Reference:

QUESTION 302 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain and an organizational unit in the company. The organizational unit is named Web. You configure and test new security settings for Internet Information Service (IIS) servers on a server named IISServerA. You have to deploy the new security settings only on the IIS servers that are members of the Web organizational unit. What action should you perform? A. The hisecws.inf file template should be imported into a GPO and the GP should be linked to the Web organizational unit. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----B. Export the settings on IISServerA to create a security template. Run secedit /configure /db webou.inf from the command prompt. C. Run secedit /configure /db webou.inf from the command prompt after running secedit /configure /db iis.inf from the command prompt on IISServerA. D. Export the settings on IISServerA to create a security template. Import the security template into a GPO and link the GPO to the Web organizational unit. Answer: D Section: (none)

Explanation/Reference:

QUESTION 303 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. Recently, a new subsidiary company has been purchased by your company, and the new company is located in Quebec. The French-language version of the administrative templates should be utilized by the Active Directory administrators of the subsidiary company. A folder is created on the PDC emulator for the subsidiary domain in the path %systemroot%\SYSVOL\domain\Policies\PolicyDefinitions\FR. Since you are the technical support, you are required to make sure that the French-language version of the templates can be used. Which action should be performed? A. The ADMX files from the French local installation media for Windows Server 2008 should be replicated to the FR folder on the subsidiary PDC emulator. B. The Conf.adm, System.adm, Wuau.adm, and Inetres.adm files should be downloaded from the Microsoft Web site. And then, the ADM files should be replicated to the FR folder. C. The ADML files from the French local installation media for Windows Server 2008 should be replicated to the FR folder on the subsidiary PDC emulator. D. The Install.WIM file from the French local installation media for Windows Server 2008 should be replicated to the FR folder on the subsidiary PDC emulator. Answer: C Section: (none) Explanation/Reference:

QUESTION 304 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There are two Active Directory forests in your company. And they are respectively named F01 and F02. The company configures the forest functional level and the domain functional level of F01 to Windows Server 2008. In addition, the company set the forest functional level of F02 to Windows 2000. What's more,the company sets the domain functional levels in F02 to Windows Server 2003. Since you are the technical support, you are required to create a transitive forest trust between F01 and F02. To achieve the goal, which action should be performed first?

Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----A. To achieve the goal, the domain controllers in F02 should be upgraded to Windows Server 2003. B. To achieve the goal, the forest functional level of F02 should be raised to Windows Server 2003 Interim mode. C. To achieve the goal, the forest functional level of F02 should be raised to Windows Server 2003. D. To achieve the goal, the domain controllers in F02 should be upgraded to Windows Server 2008. Answer: C Section: (none) Explanation/Reference:

QUESTION 305 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. And it runs at the functional level of Windows Server 2008. Active Directory Rights Management Services (AD RMS) is implemented. Microsoft SQL Server 2005 is installed. When you try to open the AD RMS administration Web site, the following error message is received. SQL Server does not exist or access denied. Since you are the technical support, you are required to open the AD RMS administration Web site. To achieve the goal, which two actions should be performed to achieve the goal? (Choose more than one.) A. To achieve the goal, the Service Connection Point should be deleted manually in Active Directory Domain Services (AD DS) and AD RMS should be restarted. B. To achieve the goal, IIS should be restarted. C. To achieve the goal, Message Queuing should be installed. D. To achieve the goal, the MSSQLSVC service should be started. Answer: BD Section: (none) Explanation/Reference:

QUESTION 306 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active

Directory infrastructure and maintaining Active Directory objects. There is a single Active Directory domain in the company network. All domain controllers run Windows Server 2008 is run by all domain controllers. According to the company requirement, you have to identify the Lightweight Directory Access Protocol (LDAP) clients that are using the largest amount of available CPU resources on a domain controller. So what action should you perform? A. The Active Directory Diagnostics Data Collector Set should be run. The Active Directory Diagnostics report should be reviewed. B. Performance data in Resource Monitor should be reviewed. C. The Hardware Events log in the Event Viewer should be reviewed. D. The LAN Diagnostics Data Collector Set should be run. The LAN Diagnostics report should be reviewed. Answer: A Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 307 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a Windows Server 2008 Enterprise Root CA in your company. Port 443 and port 80 is prevented from being opened on domain controllers and on the issuing CA by security policy. Since you are the technical support, you are required to permit users to have certificates requested from a Web interface. First, you have the Active Directory Certificate Services (AD CS) server role installed. To achieve the goal, which action should be performed next? A. To achieve the goal, the Certification Authority Web Enrollment Role Service should be configured on a member server. B. To achieve the goal, the Certification Authority Web Enrollment Role Service should be configured on a domain controller. C. To achieve the goal, the Online Responder Role Service should be configured on a member server. D. To achieve the goal, the Online Responder Role Service should be configured on a domain controller. Answer: A Section: (none)

Explanation/Reference:

QUESTION 308 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain named ad.wiikigo.com in your company. Two domain controllers named DC01 and DC02 are contained by the domain. The DNS Server server role is installed by both domain controllers. A new DNS server named DNS01.wiikigo.com is installed on the perimeter network. DC01 is configured to have all unresolved name requests forwarded to DNS01.wiikigo.com. A problem occurs that the DNS forwarding option cannot be accessed on DC02. Since you are the technical support, you are required to have DNS forwarding configured on the DC02 server to point to the DNS01.wiikigo.com server. What should be done to achieve the goal? (Choose more than one.) A. B. C. D. To achieve the goal, conditional forwarding should be configured on DC02. To achieve the goal, the Listen On address should be configured on DC02. To achieve the goal, the DNS cache should be cleared on DC02. To achieve the goal, the Root zone should be deleted on DC02.

Answer: AD Section: (none) Explanation/Reference:

QUESTION 309 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a domain controller, and Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Windows Server 2008 is run by the domain controller. The company installs the Windows Server Backup feature on the domain controller. Since you are the technical support, you are required to utilize a current backup file so as to perform a non-authoritative restore of the domain controller. Which action should be performed to achieve the goal?

A. The domain controller should be restarted in safe mode. And then, the Windows Server Backup snap-in should be utilized to perform a critical volume restore. B. The domain controller should be restarted in safe mode. And then, the WBADMIN command should be utilized to perform a critical volume restore. C. The domain controller should be restarted in Directory Services Restore Mode. And then, the WBADMIN command should be utilized to perform a critical volume restore. D. The domain controller should be restarted in Directory Services Restore Mode. And then, the Windows Server Backup snap-in should be utilized to perform a critical volume restore. Answer: C Section: (none) Explanation/Reference:

QUESTION 310 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a single-domain Active Directory forest in your company. The functional level of the domain plays at the functional level of Windows Server 2008. You perform the following activities: Create a global distribution group. Have users added to the global distribution group. Create a shared folder on a Windows Server 2008 member server. Place the global distribution group in a domain local group that has access to the shared folder. According to the company requirement, you have to make sure that the users have access to the shared folder. So what action should you perform to make sure of this? A. B. C. D. The group type of the global distribution group should be changed to a security group. The scope of the global distribution group should be changed to a Universal distribution group. Raise the forest functional level should be raised to Windows Server 2008. Add the global distribution group should be added to the Domain Administrators group.

Answer: A Section: (none) Explanation/Reference:

QUESTION 311 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active

Directory infrastructure and maintaining Active Directory objects. There is an Active Directory forest in your company. And multiple domain controllers are included by the Active Directory forest. Windows Server 2008 is run by the domain controllers. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Since you are the technical support, you are required to recover a deleted organizational unit and its child objects. Which actions should be performed to achieve the goal? (Choose four options and out them in correct answer.) 1 The Ntdsutil utility should be utilized to mark the organizational unit as authoritative. 2 The Dsadd utility should be utilized to recreate the organization unit. 3 The system controller should be restarted in Safe Mode. 4 The system state data should be recovered to a date before the organizational unit was deleted. 5 The domain controller should be restarted. 6 The domain controller should be restarted in Directory Services Restore Mode(DSRM). A. B. C. D. 6->4->1->5 3->4->1->5 4->6->2->5 1->4->5->6

Answer: A Section: (none) Explanation/Reference:

QUESTION 312 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in your company. Windows Server 2008 is run by all servers. An Enterprise Root certification authority (CA) and an Enterprise Intermediate CA are utilized by your company. However, the Enterprise Intermediate CA certificate expires. Therefore, you should have a new Enterprise Intermediate CA certificate deployed to all

computers in the domain. Which action should be performed to achieve the goal? A. The new certificate should be imported into the Intermediate Certification Store in the Default Domain Controllers group policy object. B. The new certificate should be imported into the Intermediate Certification Store in the Default Domain group policy object. C. The new certificate should be imported into the Intermediate Certification Store on the Enterprise Root CA server. D. The new certificate should be imported into the Intermediate Certification Store on the Enterprise Intermediate CA server. Answer: B Section: (none) Explanation/Reference:

QUESTION 313 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a single Active Directory domain Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----in the company. Windows Server 2003 is run by all domain controllers. You have Windows Server 2008 installed on a server. The new server needs to be added as a domain controller in your domain. So what action should you perform first? A. B. C. D. adprep /rodcprep should be run on a domain controller. adprep /forestprep should be run on a domain controller. dcpromo /adv should be run on the new server. dcpromo /createdcaccount should be run on the new server.

Answer: B Section: (none) Explanation/Reference:

QUESTION 314 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. In your company, a branch office that is

configured as a separate Active Directory site and has an Active Directory domain controller. The Active Directory site needs a local Global Catalog server to support a new application. According to the company requirement, the domain controller needs to be configured as a global Catalog server. Which tool should be used? A. B. C. D. E. The Active Directory Sites and Services console should be used. The Active Directory Domains and Trusts console should be used. The Dcpromo.exe utility should be used. The Server Manager console should be used. The Computer Management console should be used.

Answer: A Section: (none) Explanation/Reference:

QUESTION 315 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a head office and a branch office in your company. And they are configured as a single Active Directory forest. You can see the functional level of the Active Directory forest is Windows Server 2003. Four Windows Server 2003 domain controllers are contained in the main office. Since you are the technical support, you are required to make sure that you should be enabled to deploy a read-only domain controller (RODC) at the branch office. To achieve the goal, which actions should be performed to achieve the goal? (Choose more than one.) A. B. C. D. To achieve the goal, a Windows Server 2008 domain controller should be deployed at the head office. To achieve the goal, the adprep/rodcprep command should be run. To achieve the goal, the functional level of the forest should be raised to Windows Server 2008. To achieve the goal, the functional level of the domain should be raised to Windows Server 2008.

Answer: AB Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

QUESTION 316

You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. An Active Directory forest is contained by your network, and one domain is included by the Active Directory forest. Windows Server 2008 is run by all domain controllers and the domain controllers are configured as DNS servers. There is an Active Directory-integrated zone, and two Active Directory sites. Five domain controllers are included by each site. A new NS record should be added to the zone. Therefore, you should make sure that the new NS record is received instantly by all domain controllers. Which action should be performed to finish the task? A. B. C. D. From the Services snap-in, the DNS Server service should be restarted. From the command prompt, repadmin /syncall should be run. From the DNS Manager console, the version number of the SOA record should be increased. From the DNS Manager console, the zone should be reloaded.

Answer: B Section: (none) Explanation/Reference:

QUESTION 317 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. Complex passwords are required according to the requirement of the company security policy. You have a comma delimited file named import.csv that contains user account information. You need to use the import.csv file to create user accounts in the domain. Besides, you have to make sure that the new user accounts are set to use default passwords and are disabled. So what action should you perform? A. The userAccountControl attribute should be modified to disabled. The ldifde i f import.csv command should be run. Set passwords for the imported user accounts by running the DSADD utility. B. The userAccountControl attribute should be modified to disabled. The csvde i k f import.csv command should be run. Set default passwords for the user accounts by running the DSMOD utility. C. The userAccountControl attribute should be modified to accounts disabled. The csvde f import.csv command should be run. set default passwords for the user accounts by running the DSMOD utility. D. The userAccountControl attribute should be modified to disabled. The wscript import.csv command should be run. Set default passwords for the imported user accounts by running the DSADD utility. Answer: B Section: (none)

Explanation/Reference:

QUESTION 318 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is an Active Directory domain in the company. A DNS server named DNS01 is contained by the head office. DNS01 is configured with Active Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----Directory-integrated DNS. A DNS server named DNS02 and a secondary copy of the zone file from DNS01 are included by the branch office. The company connects the two offices with an unreliable WAN link. A new server is added to the head office. After the server has been added for ten minutes, it is reported by a user from the branch office that the new server is unavailable. Since you are the technical support, you are required to make sure that the user can get access to the new server. Which action should be performed to achieve the goal? A. B. C. D. To achieve the goal, the zone on DNS01 should be reloaded. To achieve the goal, the zone on DNS02 should be refreshed. To achieve the goal, the zone should be exported from DNS01 and imported to DNS02. To achieve the goal, the cache on DNS02 should be cleared.

Answer: B Section: (none) Explanation/Reference:

QUESTION 319 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. An Active Directory forest named wiikigo.com is contained by your network. Windows Server 2008 is run by all servers. The company configures all domain controllers as DNS servers. The company has the wiikigo.com DNS zone stored in the ForestDnsZones Active Directory application partition. In addition, you have a member server and a standard primary DNS zone for dev.wiikigo.com is included by the member server. According to the

company requirements, you are required to make sure that all domain controllers can have names resolved for dev.wiikigo.com. Which action should be performed to achieve the goal? A. B. C. D. To achieve the goal, the properties of the SOA record should be changed in the wiikigo.com zone. To achieve the goal, a NS record should be created in the wiikigo.com zone. To achieve the goal, a delegation should be created in the wiikigo.com zone. To achieve the goal, a standard secondary zone should be created on a Global Catalog server.

Answer: C Section: (none) Explanation/Reference:

QUESTION 320 You work as a technology specialist in an international company named Wiikigo. Your major job is to configure Windows Server 2008 Active Directory. And you are experienced in configuring the Active Directory infrastructure and maintaining Active Directory objects. There is a Windows Server 2008 Enterprise Root certification authority (CA). Members of the Account Operators group should be offered with the ability to only manage Basic EFS certificates. The Account Operators group is granted the Issue and Manage Certificates permission on the CA. To achieve the goal, which actions should be performed? (Choose more than one.) A. To achieve the goal, all unnecessary certificate templates that are assigned should be migrated to the Account Operators group. Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement----B. To achieve the goal, the Restrict Enrollment Agents option should be enabled on the CA. C. To achieve the goal, the Restrict Certificate Managers option should be enabled on the CA. D. To achieve the goal, the Basic EFS certificate template should be added for the Account Operators group. E. To achieve the goal, the Account Operators group the Manage CA permission should be granted on the CA. Answer: ACD Section: (none) Explanation/Reference:

QUESTION 321

A. B. C. D. Answer: Section: (none) Explanation/Reference:

QUESTION 322 Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----

A. B. C. D. Answer: Section: (none) Explanation/Reference:

QUESTION 323

A. B. C. D. Answer: Section: (none) Explanation/Reference: Need Microsoft Cert Fast? We can pass the exams for you In 7 Days Only! No Training! No Need to Take

Exams! 100% Passing Guaranteed Website: http://www.click2cert.com Contact Email/MSN: itcert@consultant.com Yahoo Messenger: itcertquick@yahoo.com -----Advertisement-----