MicrosoftTestKing70640v1025byCmC242q打印版.docx
《MicrosoftTestKing70640v1025byCmC242q打印版.docx》由会员分享,可在线阅读,更多相关《MicrosoftTestKing70640v1025byCmC242q打印版.docx(128页珍藏版)》请在冰豆网上搜索。
MicrosoftTestKing70640v1025byCmC242q打印版
70-640:
WindowsServer2008ActiveDirectoryConfiguring
242Q&As
ExamA
QUESTION1
YournetworkcontainsanActiveDirectorydomain.Therelevantserversinthedomainareconfiguredasshowninthefollowingtable:
Servername
OperatingSystem
Serverrole
Server1
Windows2008
Domaincontroller
Server2
Windows2008R2
Enterpriserootcertificationauthority(CA)
Server3
Windows2008R2
NetworkDeviceEnrollmentService(NDES)
YouneedtoensurethatalldevicecertificaterequestsusetheMD5hashalgorithm.
Whatshouldyoudo?
A.OnServer2,runtheCertutiltool.
B.OnServer1,updatetheCEPEncryptioncertificatetemplate.
C.OnServer1,updatetheExchangeEnrollmentAgent(OfflineRequest)template.
D.OnServer3,setthevalueoftheHKLM\Software\Microsoft\Cryptography\MSCEP\HashAlgorithm\HashAlgorithmregistrykey.
Answer:
D
QUESTION2
YournetworkcontainsanActiveDirectorydomain.
YouhaveaservernamedServer1thatrunsWindowsServer2008R2.Server1isanenterpriserootcertificationauthority(CA).
YouhaveaclientcomputernamedComputer1thatrunsWindows7.YouenableautomaticcertificateenrollmentforallclientcomputersthatrunWindows7.YouneedtoverifythattheWindows7clientcomputerscanautomaticallyenrollforcertificates.
WhichcommandshouldyourunonComputer1?
A.certreq.exeretrieve
B.certreq.exesubmit
C.certutil.exegetkey
D.certutil.exepulse
Answer:
D
QUESTION3
YournetworkcontainstwoActiveDirectoryforestsnamedand.ThefunctionallevelofbothforestsisWindowsServer2008R2.Eachforestcontainsonedomain.ActiveDirectoryCertificateServices(ADCS)isconfiguredintheforesttoallowusersfrombothforeststoautomaticallyenrollusercertificates.
Youneedtoensurethatallusersintheforesthaveausercertificatefromthecertificationauthority(CA).
Whatshouldyouconfigureinthedomain?
A.FromtheDefaultDomainControllersPolicy,modifytheEnterpriseTrustsettings.
B.FromtheDefaultDomainControllersPolicy,modifytheTrustedPublisherssettings.
C.FromtheDefaultDomainPolicy,modifytheCertificateEnrollmentpolicy.
D.FromtheDefaultDomainPolicy,modifytheTrustedRootCertificationAuthoritysettings.
Answer:
C
QUESTION4
YouhaveaservernamedServer1thathasthefollowingActiveDirectoryCertificateServices(ADCS)roleservicesinstalled:
-Enterpriserootcertificationauthority(CA)
-CertificateEnrollmentWebService
-CertificateEnrollmentPolicyWebService
Youcreateanewcertificatetemplate.
Externalusersreportthatthenewtemplateisunavailablewhentheyrequestanewcertificate.
Youverifythatallothertemplatesareavailabletotheexternalusers.
Youneedtoensurethattheexternaluserscanrequestcertificatesbyusingthenewtemplate.
WhatshouldyoudoonServer1?
A.Runiisreset.exe/restart.
B.Rungpupdate.exe/force.
C.Runcertutil.exedspublish.
D.RestarttheActiveDirectoryCertificateServicesservice.
Answer:
A
QUESTION5
Yournetworkcontainsanenterpriserootcertificationauthority(CA).YouneedtoensurethatacertificateissuedbytheCAisvalid.
Whatshouldyoudo?
A.Runsyskey.exeandusetheUpdateoption.
B.Runsigverif.exeandusetheAdvancedoption.
C.Runcertutil.exeandspecifythe-verifyparameter.
D.Runcertreq.exeandspecifythe-retrieveparameter.
Answer:
C
QUESTION6
Youhaveanenterprisesubordinatecertificationauthority(CA).TheCAissuessmartcardlogoncertificates.
Usersarerequiredtologontothedomainbyusingasmartcard.Yourcompany'scorporatesecuritypolicystatesthatwhenanemployeeresigns,hisabilitytologontothenetworkmustbeimmediatelyrevoked.
Anemployeeresigns.Youneedtoimmediatelypreventtheemployeefromloggingontothedomain.
Whatshouldyoudo?
A.Revoketheemployee'ssmartcardcertificate.
B.Disabletheemployee'sActiveDirectoryaccount.
C.Publishanewdeltacertificaterevocationlist(CRL).
D.Resetthepasswordfortheemployee'sActiveDirectoryaccount.
Answer:
B
QUESTION7
YouaddanOnlineRespondertoanOnlineResponderArray.YouneedtoensurethatthenewOnlineResponderresolvessynchronizationconflictsforallmembersoftheArray.
Whatshouldyoudo?
A.FromNetworkLoadBalancingManager,setthepriorityIDofthenewOnlineResponderto1.
B.FromNetworkLoadBalancingManager,setthepriorityIDofthenewOnlineResponderto32.
C.FromtheOnlineResponderManagementConsole,selectthenewOnlineResponder,andthenselectSetasArrayController.
D.FromtheOnlineResponderManagementConsole,selectthenewOnlineResponder,andthenselectSynchronizeMemberswithArrayController.
Answer:
C
QUESTION8
YournetworkcontainsaserverthatrunsWindowsServer2008R2.Theserverisconfiguredasanenterpriserootcertificationauthority(CA).
YouhaveaWebsitethatusesx.509certificatesforauthentication.TheWebsiteisconfiguredtouseamany-to-onemapping.
Yourevokeacertificateissuedtoanexternalpartner.YouneedtopreventtheexternalpartnerfromaccessingtheWebsite.
Whatshouldyoudo?
A.Runcertutil.exe-crl.
B.Runcertutil.exe-delkey.
C.FromActiveDirectoryUsersandComputers,modifythemembershipoftheIIS_IUSRSgroup.
D.FromActiveDirectoryUsersandComputers,modifytheContactobjectfortheexternalpartner.
Answer:
A
QUESTION9
Yourcompany,Contoso,Ltd.,hasamainofficeandabranchoffice.TheofficesareconnectedbyaWANlink.ContosohasanActiveDirectoryforestthatcontainsasingledomainnamed.
ThedomaincontainsonedomaincontrollernamedDC1thatislocatedinthemainoffice.DC1isconfiguredasaDNSserverfortheDNSzone.Thiszoneisconfiguredasastandardprimaryzone.
YouinstallanewdomaincontrollernamedDC2inthebranchoffice.YouinstallDNSonDC2.YouneedtoensurethattheDNSservicecanupdaterecordsandresolveDNSqueriesintheeventthataWANlinkfails.
Whatshouldyoudo?
A.CreateanewstubzonenamedonDC2.
B.ConfiguretheDNSserveronDC2toforwardrequeststoDC1.
C.CreateanewsecondaryzonenamedonDC2.
D.ConvertthezoneonDC1toanActiveDirectory-integratedzone.
Answer:
D
QUESTION10
YourcompanyhastwodomaincontrollersthatareconfiguredasinternalDNSservers.AllzonesontheDNSserversareActiveDirectory-integratedzones.Thezonesallowalldynamicupdates.Youdiscoverthatthezonehasmultipleentriesforthehostnamesofcomputersthatdonotexist.
Youneedtoconfigurethezonetoautomaticallyremoveexpiredrecords.
Whatshouldyoudo?
A.Enableonlysecureupdatesonthezone.
B.Enablescavengingandconfiguretherefreshintervalonthezone.
C.FromtheStartofAuthoritytab,decreasethedefaultrefreshintervalonthezone.
D.FromtheStartofAuthoritytab,increasethedefaultexpirationintervalonthezone.
Answer:
B
QUESTION11
Yourcompanyhasamainofficeandabranchoffice.Thecompanyhasasingle-domainActiveDirectoryforest.
ThemainofficehastwodomaincontrollersnamedDC1andDC2thatrunWindowsServer2008R2.ThebranchofficehasaWindowsServer2008R2read-onlydomaincontroller(RODC)namedDC3.AlldomaincontrollersholdtheDNSServerserverroleandareconfiguredasActiveDirectory-integratedzones.TheDNSzonesonlyallowsecureupdates.
YouneedtoenabledynamicDNSupdatesonDC3.
Whatshouldyoudo?
A.RuntheNtdsutil.exeDSBehaviorcommandsonDC3.
B.RuntheDnscmd.exe/ZoneResetTypecommandonDC3.
C.ReinstallActiveDirectoryDomainServicesonDC3asawritabledomaincontroller.
D.CreateacustomapplicationdirectorypartitiononDC1.ConfigurethepartitiontostoreActiveDirectory-integratedzones.
Answer:
C
QUESTION12
YourcompanyhasamainofficeandfivebranchofficesthatareconnectedbyWANlinks.ThecompanyhasanActiveDirectorydomainnamed.EachbranchofficehasamemberserverconfiguredasaDNSserver.AllbranchofficeDNSservershostasecondaryzonefor.
YouneedtoconfigurethezonetoresolveclientqueriesforatleastfourdaysintheeventthataWANlinkfails.
Whatshouldyoudo?
A.ConfiguretheExpiresafteroptionforthezoneto4days.
B.ConfiguretheRetryintervaloptionforthezoneto4days.
C.ConfiguretheRefreshintervaloptionforthezoneto4days.
D.ConfiguretheMinimum(default)TTLoptionforthezoneto4days.
Answer:
A
QUESTION13
YourcompanyhasanActiveDirectorydomainnamed.ThecompanynetworkhastwoDNSserversnamedDNS1andDNS2.
TheDNSserversareconfiguredasshowninthefollowingtable:
Domainusers,whoareconfiguredtouseDNS2asthepreferredDNSserver,areunabletoconnecttoInternetWebsites.
DNS1
DNS2
_
.(root)
_
YouneedtoenableInternetnameresolutionforallclientcomputers.
Whatshouldyoudo?
A.Createacopyofthe.(root)zoneonDNS1.
B.UpdatethelistofroothintsserversonDNS2.
C.UpdatetheCache.dnsfileonDNS2.ConfigureconditionalforwardingonDNS1.
D.Deletethe.(root)zonefromDNS2.ConfigureconditionalforwardingonDNS2.
Answer:
D
QUESTION14
YourcompanyhasanActiveDirectorydomainnamed.FS1isamemberserverin.
Youaddasecondnetworkinterfacecard,NIC2,toFS1andconnectNIC2toasubnetthatcontainscomputersin