MicrosoftTestKing70640v1025byCmC242q打印版.docx

MicrosoftTestKing70640v1025byCmC242q打印版.docx

《MicrosoftTestKing70640v1025byCmC242q打印版.docx》由会员分享，可在线阅读，更多相关《MicrosoftTestKing70640v1025byCmC242q打印版.docx（128页珍藏版）》请在冰豆网上搜索。

MicrosoftTestKing70640v1025byCmC242q打印版

70-640:

WindowsServer2008ActiveDirectoryConfiguring

242Q&As

ExamA

QUESTION1

YournetworkcontainsanActiveDirectorydomain.Therelevantserversinthedomainareconfiguredasshowninthefollowingtable:

Servername

OperatingSystem

Serverrole

Server1

Windows2008

Domaincontroller

Server2

Windows2008R2

Enterpriserootcertificationauthority（CA）

Server3

Windows2008R2

NetworkDeviceEnrollmentService（NDES）

YouneedtoensurethatalldevicecertificaterequestsusetheMD5hashalgorithm.

Whatshouldyoudo?

A.OnServer2,runtheCertutiltool.

B.OnServer1,updatetheCEPEncryptioncertificatetemplate.

C.OnServer1,updatetheExchangeEnrollmentAgent（OfflineRequest）template.

D.OnServer3,setthevalueoftheHKLM\Software\Microsoft\Cryptography\MSCEP\HashAlgorithm\HashAlgorithmregistrykey.

Answer:

D

QUESTION2

YournetworkcontainsanActiveDirectorydomain.

YouhaveaservernamedServer1thatrunsWindowsServer2008R2.Server1isanenterpriserootcertificationauthority（CA）.

YouhaveaclientcomputernamedComputer1thatrunsWindows7.YouenableautomaticcertificateenrollmentforallclientcomputersthatrunWindows7.YouneedtoverifythattheWindows7clientcomputerscanautomaticallyenrollforcertificates.

WhichcommandshouldyourunonComputer1?

A.certreq.exeretrieve

B.certreq.exesubmit

C.certutil.exegetkey

D.certutil.exepulse

Answer:

D

QUESTION3

YournetworkcontainstwoActiveDirectoryforestsnamedand.ThefunctionallevelofbothforestsisWindowsServer2008R2.Eachforestcontainsonedomain.ActiveDirectoryCertificateServices（ADCS）isconfiguredintheforesttoallowusersfrombothforeststoautomaticallyenrollusercertificates.

Youneedtoensurethatallusersintheforesthaveausercertificatefromthecertificationauthority（CA）.

Whatshouldyouconfigureinthedomain?

A.FromtheDefaultDomainControllersPolicy,modifytheEnterpriseTrustsettings.

B.FromtheDefaultDomainControllersPolicy,modifytheTrustedPublisherssettings.

C.FromtheDefaultDomainPolicy,modifytheCertificateEnrollmentpolicy.

D.FromtheDefaultDomainPolicy,modifytheTrustedRootCertificationAuthoritysettings.

Answer:

C

QUESTION4

YouhaveaservernamedServer1thathasthefollowingActiveDirectoryCertificateServices（ADCS）roleservicesinstalled:

-Enterpriserootcertificationauthority（CA）

-CertificateEnrollmentWebService

-CertificateEnrollmentPolicyWebService

Youcreateanewcertificatetemplate.

Externalusersreportthatthenewtemplateisunavailablewhentheyrequestanewcertificate.

Youverifythatallothertemplatesareavailabletotheexternalusers.

Youneedtoensurethattheexternaluserscanrequestcertificatesbyusingthenewtemplate.

WhatshouldyoudoonServer1?

A.Runiisreset.exe/restart.

B.Rungpupdate.exe/force.

C.Runcertutil.exedspublish.

D.RestarttheActiveDirectoryCertificateServicesservice.

Answer:

A

QUESTION5

Yournetworkcontainsanenterpriserootcertificationauthority（CA）.YouneedtoensurethatacertificateissuedbytheCAisvalid.

Whatshouldyoudo?

A.Runsyskey.exeandusetheUpdateoption.

B.Runsigverif.exeandusetheAdvancedoption.

C.Runcertutil.exeandspecifythe-verifyparameter.

D.Runcertreq.exeandspecifythe-retrieveparameter.

Answer:

C

QUESTION6

Youhaveanenterprisesubordinatecertificationauthority（CA）.TheCAissuessmartcardlogoncertificates.

Usersarerequiredtologontothedomainbyusingasmartcard.Yourcompany'scorporatesecuritypolicystatesthatwhenanemployeeresigns,hisabilitytologontothenetworkmustbeimmediatelyrevoked.

Anemployeeresigns.Youneedtoimmediatelypreventtheemployeefromloggingontothedomain.

Whatshouldyoudo?

A.Revoketheemployee'ssmartcardcertificate.

B.Disabletheemployee'sActiveDirectoryaccount.

C.Publishanewdeltacertificaterevocationlist（CRL）.

D.Resetthepasswordfortheemployee'sActiveDirectoryaccount.

Answer:

B

QUESTION7

YouaddanOnlineRespondertoanOnlineResponderArray.YouneedtoensurethatthenewOnlineResponderresolvessynchronizationconflictsforallmembersoftheArray.

Whatshouldyoudo?

A.FromNetworkLoadBalancingManager,setthepriorityIDofthenewOnlineResponderto1.

B.FromNetworkLoadBalancingManager,setthepriorityIDofthenewOnlineResponderto32.

C.FromtheOnlineResponderManagementConsole,selectthenewOnlineResponder,andthenselectSetasArrayController.

D.FromtheOnlineResponderManagementConsole,selectthenewOnlineResponder,andthenselectSynchronizeMemberswithArrayController.

Answer:

C

QUESTION8

YournetworkcontainsaserverthatrunsWindowsServer2008R2.Theserverisconfiguredasanenterpriserootcertificationauthority（CA）.

YouhaveaWebsitethatusesx.509certificatesforauthentication.TheWebsiteisconfiguredtouseamany-to-onemapping.

Yourevokeacertificateissuedtoanexternalpartner.YouneedtopreventtheexternalpartnerfromaccessingtheWebsite.

Whatshouldyoudo?

A.Runcertutil.exe-crl.

B.Runcertutil.exe-delkey.

C.FromActiveDirectoryUsersandComputers,modifythemembershipoftheIIS_IUSRSgroup.

D.FromActiveDirectoryUsersandComputers,modifytheContactobjectfortheexternalpartner.

Answer:

A

QUESTION9

Yourcompany,Contoso,Ltd.,hasamainofficeandabranchoffice.TheofficesareconnectedbyaWANlink.ContosohasanActiveDirectoryforestthatcontainsasingledomainnamed.

ThedomaincontainsonedomaincontrollernamedDC1thatislocatedinthemainoffice.DC1isconfiguredasaDNSserverfortheDNSzone.Thiszoneisconfiguredasastandardprimaryzone.

YouinstallanewdomaincontrollernamedDC2inthebranchoffice.YouinstallDNSonDC2.YouneedtoensurethattheDNSservicecanupdaterecordsandresolveDNSqueriesintheeventthataWANlinkfails.

Whatshouldyoudo?

A.CreateanewstubzonenamedonDC2.

B.ConfiguretheDNSserveronDC2toforwardrequeststoDC1.

C.CreateanewsecondaryzonenamedonDC2.

D.ConvertthezoneonDC1toanActiveDirectory-integratedzone.

Answer:

D

QUESTION10

YourcompanyhastwodomaincontrollersthatareconfiguredasinternalDNSservers.AllzonesontheDNSserversareActiveDirectory-integratedzones.Thezonesallowalldynamicupdates.Youdiscoverthatthezonehasmultipleentriesforthehostnamesofcomputersthatdonotexist.

Youneedtoconfigurethezonetoautomaticallyremoveexpiredrecords.

Whatshouldyoudo?

A.Enableonlysecureupdatesonthezone.

B.Enablescavengingandconfiguretherefreshintervalonthezone.

C.FromtheStartofAuthoritytab,decreasethedefaultrefreshintervalonthezone.

D.FromtheStartofAuthoritytab,increasethedefaultexpirationintervalonthezone.

Answer:

B

QUESTION11

Yourcompanyhasamainofficeandabranchoffice.Thecompanyhasasingle-domainActiveDirectoryforest.

ThemainofficehastwodomaincontrollersnamedDC1andDC2thatrunWindowsServer2008R2.ThebranchofficehasaWindowsServer2008R2read-onlydomaincontroller（RODC）namedDC3.AlldomaincontrollersholdtheDNSServerserverroleandareconfiguredasActiveDirectory-integratedzones.TheDNSzonesonlyallowsecureupdates.

YouneedtoenabledynamicDNSupdatesonDC3.

Whatshouldyoudo?

A.RuntheNtdsutil.exeDSBehaviorcommandsonDC3.

B.RuntheDnscmd.exe/ZoneResetTypecommandonDC3.

C.ReinstallActiveDirectoryDomainServicesonDC3asawritabledomaincontroller.

D.CreateacustomapplicationdirectorypartitiononDC1.ConfigurethepartitiontostoreActiveDirectory-integratedzones.

Answer:

C

QUESTION12

YourcompanyhasamainofficeandfivebranchofficesthatareconnectedbyWANlinks.ThecompanyhasanActiveDirectorydomainnamed.EachbranchofficehasamemberserverconfiguredasaDNSserver.AllbranchofficeDNSservershostasecondaryzonefor.

YouneedtoconfigurethezonetoresolveclientqueriesforatleastfourdaysintheeventthataWANlinkfails.

Whatshouldyoudo?

A.ConfiguretheExpiresafteroptionforthezoneto4days.

B.ConfiguretheRetryintervaloptionforthezoneto4days.

C.ConfiguretheRefreshintervaloptionforthezoneto4days.

D.ConfiguretheMinimum（default）TTLoptionforthezoneto4days.

Answer:

A

QUESTION13

YourcompanyhasanActiveDirectorydomainnamed.ThecompanynetworkhastwoDNSserversnamedDNS1andDNS2.

TheDNSserversareconfiguredasshowninthefollowingtable:

Domainusers,whoareconfiguredtouseDNS2asthepreferredDNSserver,areunabletoconnecttoInternetWebsites.

DNS1

DNS2

_

.（root）

_

YouneedtoenableInternetnameresolutionforallclientcomputers.

Whatshouldyoudo?

A.Createacopyofthe.（root）zoneonDNS1.

B.UpdatethelistofroothintsserversonDNS2.

C.UpdatetheCache.dnsfileonDNS2.ConfigureconditionalforwardingonDNS1.

D.Deletethe.（root）zonefromDNS2.ConfigureconditionalforwardingonDNS2.

Answer:

D

QUESTION14

YourcompanyhasanActiveDirectorydomainnamed.FS1isamemberserverin.

Youaddasecondnetworkinterfacecard,NIC2,toFS1andconnectNIC2toasubnetthatcontainscomputersin