Microsoft.actualTests.70 640.v2012!10!25.by.anonymous


Microsoft 70-640 - NowFixedAnonymous
Number: 70-640
Passing Score: 700
Time Limit: 145 min

70-640 Exam Windows Server 2008 Active Directory Configuring

Thanks To Everyone Who Contributed To This Prep Exam.

NowAnonymous [Reduced Questions from 468Q to 223Q] ^ Anon [Fixed Answers based on posts] ^ NowAnonymous [Exam K.50q / Exam L.15q] ^ Anon [.PDF pass4sure] ^ Andyfx ^ Maxbox ^ Cooper ^ Newton

Study Hard - Don't Just Memorize, Try To Understand The Material. GOOD LUCK

Exam A

QUESTION 1
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files. Which tool should you use?

A. Dfsrdiag
B. Fsutil
C. Ntdsutil
D. Ntfrsutl

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 2
You have a domain controller named Server1 that runs Windows Server 2008 R2. You need to determine the size of the Active Directory database on Server1. What should you do?

A. Run the Active Directory Sizer tool.
B. Run the Active Directory Diagnostics data collector set.
C. From Windows Explorer, view the properties of the %systemroot%\ntds\ntds.dit file.
D. From Windows Explorer, view the properties of the %systemroot%\sysvol\domain folder.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 3
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use?

A. Active Directory Administrative Center
B. Event Viewer
C. Resource Monitor
D. Security Configuration Wizard

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 4
Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7. You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription. What should you do?

A. From Computer1, configure source-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
B. From Computer1, configure collector-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
C. From Computer1, configure source-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).
D. From Computer1, configure collector-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 5
Your network contains an Active Directory domain that has two sites. You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify?

A. GroupPolicy
B. NTDS
C. SoftwareDistribution
D. SYSVOL

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 6
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer's Trusted Root Certification Authorities store. Which command should you run on Server1?

A. certreq.exe and specify the -accept parameter
B. certreq.exe and specify the -retrieve parameter
C. certutil.exe and specify the -dspublish parameter
D. certutil.exe and specify the -importcert parameter

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 7
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server?

A. an account that is a member of the Certificate Publishers group in the child domain
B. an account that is a member of the Certificate Publishers group in the forest root domain
C. an account that is a member of the Schema Admins group in the forest root domain
D. an account that is a member of the Enterprise Admins group in the forest root domain

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 8
You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do?

A. Add Group1 to the local Administrators group.
B. Add Group1 to the Certificate Publishers group.
C. Assign the Manage CA permission to Group1.
D. Assign the Issue and Manage Certificates permission to Group1.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 9
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do?

A. Add a data recovery agent to the Default Domain Policy.
B. Modify the value in the Number of recovery agents to use box.
C. Revoke the current key recovery agent certificates and issue three new key recovery agent certificates.
D. Assign the Issue and Manage Certificates permission to users who have the key recovery agent certificates.

Correct Answer: B

Section: (none)
Explanation/Reference:

QUESTION 10
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module. You need to back up Active Directory Certificate Services on the CA. Which command should you run?

A. certutil.exe -backup
B. certutil.exe -backupdb
C. certutil.exe -backupkey
D. certutil.exe -store

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 11
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. In a Group Policy object (GPO), configure the autoenrollment settings.
B. In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.
C. On the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.
D. On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.

Correct Answer: AD
Section: (none)
Explanation/Reference:

QUESTION 12
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do?

A. Run certutil.exe -pulse.
B. Run certutil.exe -installcert.
C. Change the certificate template to a Version 2 certificate template.
D. On the certificate template, assign the Autoenroll permission to the users.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 13
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use?

A. Active Directory Administrative Center
B. Certification Authority
C. Certificate Templates
D. Group Policy Management

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 14
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown below:

You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do?

A. Upgrade Server1 to Windows Server 2008 R2.
B. Upgrade Server2 to Windows Server 2008 R2.
C. Raise the functional level of the domain to Windows Server 2008.
D. Install the Windows Server 2008 R2 Active Directory Schema updates.

Correct Answer: D

Section: (none)
Explanation/Reference:

QUESTION 15
You have a domain controller that runs the DHCP service. You need to perform an offline defragmentation of the Active Directory database on the domain controller. You must achieve this goal without affecting the availability of the DHCP service. What should you do?

A. Restart the domain controller in Directory Services Restore Mode. Run the Disk Defragmenter utility.
B. Restart the domain controller in Directory Services Restore Mode. Run the Ntdsutil utility.
C. Stop the Active Directory Domain Services service. Run the Ntdsutil utility.
D. Stop the Active Directory Domain Services service. Run the Disk Defragmenter utility.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 16
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permission for the Marketing folder are assigned to the G_Marketing group. Members of G_Marketing report that they cannot access the Marketing folder. You need to ensure that the G_Marketing members can access the folder from the network. What should you do?

A. From Windows Explorer, modify the NTFS permissions of the folder.
B. From Windows Explorer, modify the share permissions of the folder.
C. From Active Directory Users and Computers, modify the computer object for Server1.
D. From Active Directory Users and Computers, modify the group object for G_Marketing.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 17
Your network contains an Active Directory forest. You need to add a new user principal name (UPN) suffix to the forest. Which tool should you use?

A. Active Directory Administrative Center
B. Active Directory Domains and Trusts
C. Active Directory Sites and Services
D. Active Directory Users and Computers

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 18
Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site1 contains five domain controllers. Site2 contains one read-only domain controller (RODC). Site1 and Site2 connect to each other by using a slow WAN link. You discover that the cached password for a user named User1 is compromised on the RODC. On a domain controller in Site1, you change the password for User1. You need to replicate the new password for User1 to the RODC immediately. The solution must not replicate other objects to the RODC. Which tool should you use?

A. Active Directory Sites and Services
B. Active Directory Users and Computers
C. Repadmin
D. Replmon

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 19
Your network contains an Active Directory domain named contoso.com. The properties of the contoso.com DNS zone are configured as shown in the exhibit. (Click the Exhibit button.)

You need to update all service location (SRV) records for a domain controller in the domain. What should you do?

A. Restart the Netlogon service.
B. Restart the DNS Client service.
C. Run sc.exe and specify the triggerinfo parameter.
D. Run ipconfig.exe and specify the /registerdns parameter.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 20
Your network contains an Active Directory domain. A user named User1 takes a leave of absence for one year. You need to restrict access to the User1 user account while User1 is away. What should you do?

A. From the Default Domain Policy, modify the account lockout settings.
B. From the Default Domain Controller Policy, modify the account lockout settings.
C. From the properties of the user account, modify the Account options.
D. From the properties of the user account, modify the Session settings.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 21
Your network contains an Active Directory domain. The domain contains 1,000 user accounts. You have a list that contains the mobile phone number of each user. You need to add the mobile number of each user to Active Directory. What should you do?

A. Create a file that contains the mobile phone numbers, and then run ldifde.exe.
B. Create a file that contains the mobile phone numbers, and then run csvde.exe.
C. From Adsiedit, select the CN=Users container, and then modify the properties of the container.
D. From Active Directory Users and Computers, select all of the users, and then modify the properties of the users.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 22
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computers run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do?

A. Add a WMI filter to the Default Domain Policy GPO.
B. Modify the security settings of the Default Domain Policy GPO.
C. Configure a startup script that runs auditpol.exe on the member servers.
D. Configure a startup script that runs auditpol.exe on the domain controllers.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 23
Your network contains an Active Directory domain. The domain contains a group named Group1. The minimum password length for the domain is set to six characters. You need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long. What should you do first?

A. Run the New-ADFineGrainedPasswordPolicy cmdlet.
B. Run the Add-ADFineGrainedPasswordPolicySubject cmdlet.
C. From the Default Domain Policy, modify the password policy.
D. From the Default Domain Controller Policy, modify the password policy.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 24
Your company uses an application that stores data in an Active Directory Lightweight Directory Services (AD LDS) instance named Instance1. You attempt to create a snapshot of Instance1 as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can take a snapshot of Instance1. What should you do?

A. At the command prompt, run net start VSS.
B. At the command prompt, run net start Instance1.
C. Set the Startup Type for the Instance1 service to Disabled.
D. Set the Startup Type for the Volume Shadow Copy Service (VSS) to Manual.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 25
Your network contains 10 domain controllers that run Windows Server 2008 R2. The network contains a member server that is configured to collect all of the events that occur on the domain controllers. You need to ensure that administrators are notified when a specific event occurs on any of the domain controllers. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A. From Event Viewer on the member server, create a subscription.
B. From Event Viewer on each domain controller, create a subscription.
C. From Event Viewer on the member server, run the Create Basic Task Wizard.
D. From Event Viewer on each domain controller, run the Create Basic Task Wizard.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 26
Your network contains an Active Directory domain controller named DC1. DC1 runs Windows Server 2008 R2. You need to defragment the Active Directory database on DC1. The solution must minimize downtime on DC1. What should you do first?

A. At the command prompt, run net stop ntds.
B. At the command prompt, run net stop netlogon.
C. Restart DC1 in Safe Mode.
D. Restart DC1 in Directory Services Restore Mode (DSRM).

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 27
Your network contains a single Active Directory domain named contoso.com. An administrator accidentally deletes the _msdcs.contoso.com zone. You recreate the _msdcs.contoso.com zone. You need to ensure that the _msdcs.contoso.com zone contains all of the required DNS records. What should you do on each domain controller?

A. Restart the Netlogon service.
B. Restart the DNS Server service.
C. Run dcdiag.exe /fix.
D. Run ipconfig.exe /registerdns.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 28
Your network contains an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers. You add multiple DNS records to the zone. You need to ensure that the records are replicated to all DNS servers. Which tool should you use?

A. Dnslint
B. Ldp
C. Nslookup
D. Repadmin

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 29
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and eu.contoso.com. All domain controllers are DNS servers. The domain controllers in contoso.com host the zone for contoso.com. The domain controllers in eu.contoso.com host the zone for eu.contoso.com. The DNS zone for contoso.com is configured as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that all domain controllers in the forest host a writable copy of _msdcs.contoso.com. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Create a zone delegation record in the contoso.com zone.
B. Create a zone delegation record in the eu.contoso.com zone.
C. Create an Active Directory-integrated zone for _msdcs.contoso.com.
D. Create a secondary zone named _msdcs.contoso.com in eu.contoso.com.

Correct Answer: AC
Section: (none)
Explanation/Reference:

QUESTION 30
You need to compact an Active Directory database on a domain controller that runs Windows Server 2008 R2. What should you do?

A. Run defrag.exe /a /c.
B. Run defrag.exe /c /u.
C. From Ntdsutil, use the Files option.
D. From Ntdsutil, use the Metadata cleanup option.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 31
Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers. The servers are configured as shown in the following table.

You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Configure the policy module settings.
B. Configure the issuance requirements for the certificate templates.
C. Configure the Certificate Services Client - Certificate Enrollment Policy Group Policy setting.
D. Configure the delegation settings for the Certificate Enrollment Web Service application pool account.

Correct Answer: BC
Section: (none)
Explanation/Reference:

QUESTION 32
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Server 2008 Standard. You need to install an enterprise subordinate certification authority (CA) that supports private key archival. You must achieve this goal by using the minimum amount of administrative effort. What should you do first?

A. Initialize the Trusted Platform Module (TPM).
B. Upgrade the member server to Windows Server 2008 R2 Standard.
C. Install the Certificate Enrollment Policy Web Service role service on the member server.
D. Run the Security Configuration Wizard (SCW) and select the Active Directory Certificate Services Certification Authority server role template check box.

Correct Answer: B

Section: (none)
Explanation/Reference:

QUESTION 33
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do?

A. Run certutil.exe -pulse.
B. Run certutil.exe -installcert.
C. Change the certificate template to a Version 2 certificate template.
D. On the certificate template, assign the Autoenroll permission to the users.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 34
Your network contains an Active Directory domain. The domain contains a member server named Server1 that runs Windows Server 2008 R2. You need to configure Server1 as a global catalog server. What should you do?

A. Modify the Active Directory schema.
B. From Ntdsutil, use the Roles option.
C. Run the Active Directory Domain Services Installation Wizard on Server1.
D. Move the Server1 computer object to the Domain Controllers organizational unit (OU).

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 35
Your network contains three Active Directory forests named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forests to meet the following requirements:

Users in Forest3 must be able to access resources in Forest1.
Users in Forest1 must be able to access resources in Forest3.
The number of trusts must be minimized.

What should you do?

A. In Forest2, modify the name suffix routing settings.
B. In Forest1 and Forest3, configure selective authentication.
C. In Forest1 and Forest3, modify the name suffix routing settings.
D. Create a two-way forest trust between Forest1 and Forest3.
E. Create a shortcut trust in Forest1 and a shortcut trust in Forest3.

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 36
Your network contains an Active Directory domain. All domain controllers run Windows Server 2003. You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. You need to minimize the amount of SYSVOL replication traffic on the network. What should you do?

A. Raise the functional level of the forest to Windows Server 2008 R2.
B. Modify the path of the SYSVOL folder on all of the domain controllers.
C. On a global catalog server, run repadmin.exe and specify the KCC parameter.
D. On the domain controller that holds the primary domain controller (PDC) emulator FSMO role, run dfsrmig.exe.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 37
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table.

All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do?

A. From DC1, run the time command.
B. From DC2, run the time command.
C. From DC1, run the w32tm.exe command.
D. From DC2, run the w32tm.exe command.

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 38
Your network contains an Active Directory domain named contoso.com. Contoso.com contains two domain controllers. The domain controllers are configured as shown in the following table.

All client computers have IP addresses in the 10.1.2.1 to 10.1.2.240 range. You need to minimize the number of client authentication requests sent to DC2. What should you do?

A. Create a new site named Site1. Create a new subnet object that has the 10.1.1.0/24 prefix and assign the subnet to Site1. Move DC1 to Site1.
B. Create a new site named Site1. Create a new subnet object that has the 10.1.1.1/32 prefix and assign the subnet to Site1. Move DC1 to Site1.
C. Create a new site named Site1. Create a new subnet object that has the 10.1.1.2/32 prefix and assign the subnet to Site1. Move DC2 to Site1.
D. Create a new site named Site1. Create a new subnet object that has the 10.1.2.0/24 prefix and assign the subnet to Site1. Move DC2 to Site1.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 39
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Register a service principal name (SPN) for AD RMS.
B. Register a service connection point (SCP) for AD RMS.
C. Configure the identity setting of the _DRMSAppPool1 application pool.
D. Configure the useAppPoolCredentials attribute in the Internet Information Services (IIS)

Correct Answer: AD
Section: (none)
Explanation/Reference:

QUESTION 40
Your network contains an Active Directory forest. The forest contains an Active Directory site for a remote office. The remote site contains a read-only domain controller (RODC). You need to configure the RODC to store only the passwords of users in the remote site. What should you do?

A. Create a Password Settings object (PSO).
B. Modify the Partial-Attribute-Set attribute of the forest.
C. Add the user accounts of the remote site users to the Allowed RODC Password Replication Group.
D. Add the user accounts of users who are not in the remote site to the Denied RODC Password Replication Group.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 41
Your company has four offices. The network contains a single Active Directory domain. Each office has a domain controller. Each office has an organizational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office. You need to ensure that the support technicians can reset the passwords for the user accounts in their respective office only. The solution must prevent the technicians from creating user accounts. What should you do?

A. For each OU, run the Delegation of Control Wizard.
B. For the domain, run the Delegation of Control Wizard.
C. For each office, create an Active Directory group, and then modify the security settings for each group.
D. For each office, create an Active Directory group, and then modify the controlAccessRights attribute for each group.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 42
Your network contains a single Active Directory domain. Client computers run either Windows XP Service Pack 3 (SP3) or Windows 7. All of the computer accounts for the client computers are located in an organizational unit (OU) named OU1. You link a new Group Policy object (GPO) named GPO10 to OU1. You need to ensure that GPO10 is applied only to client computers that run Windows 7. What should you do?

A. Create a new OU in OU1. Move the Windows XP computer accounts to the new OU.
B. Enable block inheritance on OU1.
C. Create a WMI filter and assign the filter to GPO10.
D. Modify the permissions of OU1.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 43
Your network contains an Active Directory domain named contoso.com. You need to audit changes to a service account. The solution must ensure that the audit logs contain the before and after values of all the changes. Which security policy setting should you configure?

A. Audit Sensitive Privilege Use
B. Audit User Account Management
C. Audit Directory Service Changes
D. Audit Other Account Management Events

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 44
Your network contains two Active Directory forests named contoso.com and nwtraders.com. Active Directory Rights Management Services (AD RMS) is deployed in each forest. You need to ensure that users from the nwtraders.com forest can access AD RMS protected content in the contoso.com forest. What should you do?

A. Add a trusted user domain to the AD RMS cluster in the nwtraders.com domain.
B. Create an external trust from nwtraders.com to contoso.com.
C. Add a trusted user domain to the AD RMS cluster in the contoso.com domain.
D. Create an external trust from contoso.com to nwtraders.com.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 45
Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 is configured as an Active Directory Federation Services (AD FS) 2.0 standalone server. You plan to add a new token-signing certificate to Server1. You import the certificate to the server as shown in the exhibit. (Click the Exhibit button.)

When you run the Add Token-Signing Certificate wizard, you discover that the new certificate is unavailable. You need to ensure that you can use the new certificate for AD FS. What should you do?

A. From the properties of the certificate, modify the Certificate Policy OIDs setting.
B. Import the certificate to the AD FS 2.0 Windows Service personal certificate store.
C. From the properties of the certificate, modify the Certificate purposes setting.
D. Import the certificate to the local computer personal certificate store.

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 46
You need to purge the list of user accounts that were authenticated on a read-only domain controller (RODC). What should you do?

A. Run the repadmin.exe command and specify the /prp parameter.
B. From Active Directory Sites and Services, modify the properties of the RODC computer object.
C. From Active Directory Users and Computers, modify the properties of the RODC computer object.
D. Run the dsrm.exe command and specify the -u parameter.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 47
Your company has a main office and four branch offices. An Active Directory site exists for each office. Each site contains one domain controller. Each branch office site has a site link to the main office site. You discover that the domain controllers in the branch offices sometimes replicate directly to each other. You need to ensure that the domain controllers in the branch offices only replicate to the domain controller in the main office. What should you do?

A. Modify the firewall settings for the main office site.
B. Disable the Knowledge Consistency Checker (KCC) for each branch office site.
C. Disable site link bridging.
D. Modify the security settings for the main office site.

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 48 Your network contains an Active Directory forest. The forest contains one domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2. DC1 was installed before DC2. DC1 fails. You need to ensure that you can add 1,000 new user accounts to the domain. What should you do?

A. Modify the permissions of the DC2 computer account. B. Seize the schema master FSMO role. C. Configure DC2 as a global catalog server. D. Seize the RID master FSMO role.

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 49 Your network contains an Active Directory domain named contoso.com. You need to identify whether the Active Directory Recycle Bin is enabled. What should you do? A. From Ldp, search for the Reanimate-Tombstones object. B. From Ldp, search for the LostAndFound container. C. From Windows PowerShell, run the Get-ADObject cmdlet. D. From Windows PowerShell, run the Get-ADOptionalFeature cmdlet.

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 50 Your network contains an Active Directory domain. You create and mount an Active Directory snapshot. You run dsamain.exe as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that you can browse the contents of the Active Directory snapshot. What should you do? A. Stop Active Directory Domain Services (AD DS), and then rerun dsamain.exe. B. Change the value of the dbpath parameter, and then rerun dsamain.exe. C. Change the value of the ldapport parameter, and then rerun dsamain.exe. D. Restart the Volume Shadow Copy Service (VSS), and then rerun dsamain.exe.

Correct Answer: B Section: (none) Explanation Explanation/Reference:

Exam B QUESTION 1 Your network contains an Active Directory domain. You need to back up all of the Group Policy objects (GPOs), Group Policy permissions, and Group Policy links for the domain. What should you do? A. From Group Policy Management Console (GPMC), back up the GPOs. B. From Windows Explorer, copy the content of the %systemroot%\SYSVOL folder. C. From Windows Server Backup, perform a system state backup. D. From Windows PowerShell, run the Backup-GPO cmdlet.

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 2 Your network contains a domain controller that runs Windows Server 2008 R2. You need to reset the Directory Services Restore Mode (DSRM) password on the domain controller. Which tool should you use? A. Ntdsutil B. Dsamain C. Active Directory Users and Computers D. Local Users and Groups

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 3 Your network contains an Active Directory forest. All client computers run Windows 7. The network contains a high-volume enterprise certification authority (CA). You need to minimize the amount of network bandwidth required to validate a certificate. What should you do? A. Configure an LDAP publishing point for the certificate revocation list (CRL). B. Configure an Online Certification Status Protocol (OCSP) responder. C. Modify the settings of the delta certificate revocation list (CRL). D. Replicate the certificate revocation list (CRL) by using Distributed File System (DFS).

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 4 Your network contains an Active Directory domain. You have five organizational units (OUs) named Finance, HR, Marketing, Sales, and Dev. You link a Group Policy object named GPO1 to the domain as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that GPO1 is applied to users in the Finance, HR, Marketing, and Sales OUs. The solution must prevent GPO1 from being applied to users in the Dev OU. What should you do? A. Enforce GPO1. B. Modify the security settings of the Dev OU. C. Link GPO1 to the Finance OU. D. Modify the security settings of the Finance OU.

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 5 Your network contains an Active Directory domain. The domain contains an organizational unit (OU) named OU1. OU1 contains all managed service accounts in the domain. You need to prevent the managed service accounts from being deleted accidentally from OU1. Which cmdlet should you use? A. Set-ADUser B. Set-ADOrganizationalUnit C. Set-ADServiceAccount D. Set-ADObject

Correct Answer: D Section: (none) Explanation Explanation/Reference:

QUESTION 6 Your network contains an Active Directory domain named contoso.com. Contoso.com contains a writable domain controller named DC1 and a read-only domain controller (RODC) named DC2. All domain controllers run Windows Server 2008 R2. You need to install a new writable domain controller named DC3 in a remote site. The solution must minimize the amount of replication traffic that occurs during the installation of Active Directory Domain Services (AD DS) on DC3. What should you do first? A. Run dcpromo.exe /createdcaccount on DC3. B. Run ntdsutil.exe on DC2. C. Run dcpromo.exe /adv on DC3. D. Run ntdsutil.exe on DC1.

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 7 Your network contains an Active Directory forest. The forest contains 10 domains. All domain controllers are configured as global catalog servers. You remove the global catalog role from a domain controller named DC5. You need to reclaim the hard disk space used by the global catalog on DC5. What should you do? A. From Active Directory Sites and Services, run the Knowledge Consistency Checker (KCC). B. From Active Directory Sites and Services, modify the general properties of DC5. C. From Ntdsutil, use the Semantic database analysis option. D. From Ntdsutil, use the Files option.

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 8 A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers. You add multiple DNS records to the zone. You need to ensure that the new records are available on all DNS servers as soon as possible. Which tool should you use? A. Ldp B. Repadmin C. Ntdsutil D. Nslookup E. Active Directory Sites And Services console F. Active Directory Domains And Trusts console G. Dnslint H. Dnscmd

Correct Answer: B Section: (none) Explanation Explanation/Reference: Repadmin /syncall http://technet.microsoft.com/en-us/library/cc835086%28v=ws.10%29.aspx QUESTION 9 You have a DNS zone that is stored in a custom application partition. You need to add a domain controller to the replication scope of the custom application partition. Which tool should you use? A. DNScmd B. DNS Manager C. Server Manager D. Dsmod

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 10 Your network contains a server named Server1 that runs Windows Server 2008 R2 Standard. Server1 has the Active Directory Certificate Services (AD CS) role installed. You configure a certificate template named Template1 for autoenrollment. You discover that certificates are not being issued to any client computers. The event logs on the client computers do not contain any autoenrollment errors. You need to ensure that all of the client computers automatically receive certificates based on Template1. What should you do? A. Modify the Default Domain Policy Group Policy object (GPO). B. Modify the Default Domain Controllers Policy Group Policy object (GPO). C. Upgrade Server1 to Windows Server 2008 R2 Enterprise. D. Restart Certificate Services on Server1.

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 11 Your network contains a server that has the Active Directory Lightweight Directory Services (AD LDS) role installed. You need to perform an automated installation of an AD LDS instance. Which tool should you use? A. Dism.exe B. Servermanagercmd.exe C. Adaminstall.exe D. Ocsetup.exe

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 12 Your network contains an Active Directory domain named contoso.com. A partner company has an Active Directory domain named nwtraders.com. The networks for contoso.com and nwtraders.com connect to each other by using a WAN link. You need to ensure that users in contoso.com can access resources in nwtraders.com and resources on the Internet. What should you do first? A. Modify the Trusted Root Certification Authorities store. B. Modify the Intermediate Certification Authorities store. C. Create conditional forwarders. D. Add a root hint to the DNS server.

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 13 Your network contains an Active Directory forest. The forest contains multiple domains. You need to ensure that users in the human resources department can search for employees by using the employeeNumber attribute. What should you do? A. From Active Directory Sites and Services, modify the properties of each global catalog server. B. From the Active Directory Schema snap-in, modify the properties of the user object class. C. From Active Directory Sites and Services, modify the NTDS Settings object of each global catalog server. D. From the Active Directory Schema snap-in, modify the properties of the employeeNumber attribute. Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 14 Your network contains a single Active Directory domain. The domain contains an enterprise certification authority (CA). You need to ensure that the encryption keys for e-mail certificates can be recovered from the CA database. You modify the e-mail certificate template to support key archival. What should you do next? A. Issue the key recovery agent certificate template. B. Run certutil.exe -recoverkey. C. Run certreq.exe -policy. D. Modify the location of the Authority Information Access (AIA) distribution point.

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 15 Your network contains an Active Directory-integrated DNS zone named contoso.com. You discover that the zone includes DNS records for computers that were removed from the network. You need to ensure that the DNS records are deleted automatically from the zone. What should you do? A. From DNS Manager, set the aging properties. B. Create a scheduled task that runs dnslint.exe /v /d contoso.com. C. From DNS Manager, modify the refresh interval of the start of authority (SOA) record. D. Create a scheduled task that runs ipconfig.exe /flushdns.

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 16 Your network contains a domain controller that runs Windows Server 2008 R2. You run the following command on the domain controller: dsamain.exe -dbpath c:\$SNAP_201006170326_VOLUMEC$\Windows\NTDS\ntds.dit -ldapport 389 -allowNonAdminAccess The command fails. You need to ensure that the command completes successfully. How should you modify the command? A. Change the value of the -dbpath parameter. B. Include the path to Dsamain. C. Change the value of the -ldapport parameter. D. Remove the -allowNonAdminAccess parameter.

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 17 Your network contains an Active Directory domain. The domain contains 10 domain controllers that run Windows Server 2008 R2. You need to monitor the following information on the domain controllers during the next five days: - Memory usage - Processor usage - The number of LDAP queries What should you do? A. Create a User Defined Data Collector Set (DCS) that uses the Active Directory Diagnostics template. B. Use the System Performance Data Collector Set (DCS). C. Create a User Defined Data Collector Set (DCS) that uses the System Performance template. D. Use the Active Directory Diagnostics Data Collector Set (DCS).

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 18 Your network contains an Active Directory domain named contoso.com. Contoso.com contains a domain controller named DC1 and a read-only domain controller (RODC) named RODC1. You need to view the most recent user accounts authenticated by RODC1. What should you do first? A. From Active Directory Sites and Services, right-click the Connection object for DC1, and then click Replicate Now. B. From Active Directory Sites and Services, right-click the Connection object for DC2, and then click Replicate Now. C. From Active Directory Users and Computers, right-click contoso.com, click Change Domain Controller, and then connect to DC1. D. From Active Directory Users and Computers, right-click contoso.com, click Change Domain Controller, and then connect to RODC1. Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 19 Your network contains an Active Directory domain. The domain contains 3,000 client computers. All of the client computers run Windows 7. Users log on to their client computers by using standard user accounts. You plan to deploy a new application named App1. The vendor of App1 provides a Setup.exe file to install App1. Setup.exe requires administrative rights to run. You need to deploy App1 to all client computers. The solution must meet the following requirements: - App1 must automatically detect and replace corrupt application files. - App1 must be available from the Start menu on each client computer. What should you do first? A. Create a logon script that calls Setup.exe for App1. B. Create a .zap file. C. Create a startup script that calls Setup.exe for App1. D. Repackage App1 as a Windows Installer package.

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 20 Your network contains an Active Directory domain named contoso.com. Contoso.com contains two sites named Site1 and Site2. Site1 contains a domain controller named DC1. In Site1, you install a new domain controller named DC2. You ship DC2 to Site2. You discover that certain users in Site2 authenticate to DC1. You need to ensure that the users in Site2 always attempt to authenticate to DC2 first. What should you do? A. From Active Directory Users and Computers, modify the Location settings of the DC2 computer object. B. From Active Directory Sites and Services, modify the Location attribute for Site2. C. From Active Directory Sites and Services, move the DC2 server object. D. From Active Directory Users and Computers, move the DC2 computer object.

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 21 Your network contains an Active Directory domain named contoso.com. Contoso.com contains a server named Server2. You open the System properties on Server2 as shown in the exhibit. (Click the Exhibit button.)

When you attempt to configure Server2 as an enterprise subordinate certification authority (CA), you discover that the enterprise subordinate CA option is unavailable. You need to configure Server2 as an enterprise subordinate CA. What should you do first? A. Upgrade Server2 to Windows Server 2008 R2 Enterprise. B. Log in as an administrator and run Server Manager. C. Import the root CA certificate. D. Join Server2 to the domain.

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 22 Your network contains an Active Directory domain. The domain contains an enterprise certification authority (CA). You need to ensure that only members of a group named Admin1 can create certificate templates. Which tool should you use to assign permissions to Admin1? A. the Certification Authority console B. Active Directory Users and Computers C. the Certificates snap-in D. Active Directory Sites and Services

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 23 Your network contains an Active Directory domain. All DNS servers are domain controllers. You view the properties of the DNS zone as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that only domain members can register DNS records in the zone. What should you do first? A. Modify the zone type. B. Create a trust anchor. C. Modify the Advanced properties of the DNS server. D. Modify the Dynamic updates setting.

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 24 Your company has a single Active Directory forest with a single domain. Consultants in different departments of the company require access to different network resources. The consultants belong to a global group named TempWorkers. Three file servers are placed in a new organizational unit named SecureServers. The file servers contain confidential data in shared folders. You need to prevent the consultants from accessing the confidential data. What should you do? A. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group. B. Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group. C. On the three file servers, create a share on the root of each hard disk. Configure the Deny Full control permission for the TempWorkers global group on the share. D. Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group. E. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group. Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 25 Your network contains two Active Directory forests named contoso.com and nwtraders.com. The functional level of both forests is Windows Server 2003. Contoso.com contains one domain. Nwtraders.com contains two domains. You need to ensure that users in contoso.com can access the resources in all domains. The solution must require the minimum number of trusts. Which type of trust should you create? A. external B. forest C. realm D. shortcut

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 26 You install an Active Directory domain in a test environment. You need to reset the passwords of all the user accounts in the domain from a domain controller. Which two Windows PowerShell commands should you run? (Each correct answer presents part of the solution, choose two.) A. $newPassword = * B. Import-Module ActiveDirectory C. Import-Module WebAdministration D. Get-ADUser -filter * | Set-ADAccountPassword -NewPassword $newPassword -Reset E. Set-ADAccountPassword -NewPassword -Reset F. $newPassword = (Read-Host -Prompt "New Password" -AsSecureString) G. Import-Module ServerManager

Correct Answer: DF Section: (none) Explanation Explanation/Reference: QUESTION 27 Your network contains two forests named adatum.com and litwareinc.com. The functional level of all the domains is Windows Server 2003. The functional level of both forests is Windows 2000. You need to create a forest trust between adatum.com and litwareinc.com. What should you do first? A. Create an external trust. B. Raise the functional level of both forests. C. Configure SID filtering. D. Raise the functional level of all the domains.

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 28 Your network contains an Active Directory forest named adatum.com. All client computers used by the marketing department are in an organizational unit (OU) named Marketing Computers. All user accounts for the marketing department are in an OU named Marketing Users. You purchase a new application. You need to ensure that every user in the domain who logs on to a marketing department computer can use the application. The application must only be available from the marketing department computers. What should you do? A. Create and link a Group Policy object (GPO) to the Marketing Users OU. Copy the installation package to a shared folder on the network. Assign the application. B. Create and link a Group Policy object (GPO) to the Marketing Computers OU. Copy the installation package to a shared folder on the network. Assign the application. C. Create and link a Group Policy object (GPO) to the Marketing Computers OU. Copy the installation package to a local drive on each marketing department computer. Publish the application. D. Create and link a Group Policy object (GPO) to the Marketing Users OU. Copy the installation package to a folder on each marketing department computer. Publish the application. Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 29 Your network contains an Active Directory forest named adatum.com. You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster. What should you install before you create the AD RMS root cluster? A. The Failover Cluster feature B. The Active Directory Certificate Services (AD CS) role C. Microsoft Exchange Server 2010 D. Microsoft SharePoint Server 2010 E. Microsoft SQL Server 2008

Correct Answer: E Section: (none) Explanation Explanation/Reference: QUESTION 30 Your network contains an Active Directory domain named contoso.com. The contoso.com domain contains a domain controller named DC1. You create an Active Directory-integrated GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2.contoso.com. When you ping Server1, you discover that the name fails to resolve. You are able to successfully ping server2.contoso.com. You need to ensure that you can resolve names by using the GlobalNames zone. Which command should you run? A. Dnscmd DC1.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /domain B. Dnscmd DC1.contoso.com /config /Enableglobalnamessupport forest C. Dnscmd DC1.contoso.com /config /Enableglobalnamessupport 1 D. Dnscmd DC1.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /forest

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 31 Your network contains an Active Directory domain named contoso.com. The network has a branch office site that contains a read-only domain controller (RODC) named RODC1. RODC1 runs Windows Server 2008 R2. A user logs on to a computer in the branch office site. You discover that the user's password is not stored on RODC1. You need to ensure that the user's password is stored on RODC1 when he logs on to a branch office site computer. What should you do? A. Modify the RODC's password replication policy by removing the entry for the Allowed RODC Password Replication Group. B. Modify the RODC's password replication policy by adding RODC1's computer account to the list of allowed users, groups, and computers. C. Add the user's user account to the built-in Allowed RODC Password Replication Group on RODC1. D. Add RODC1's computer account to the built-in Allowed RODC Password Replication Group on RODC1.

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 32 You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1. You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS. Which protocol should you allow on Server1? A. Kerberos B. SSL C. SMB D. RPC

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 33 Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Server 2008 R2 Standard. You need to create an enterprise subordinate certification authority (CA) that can issue certificates based on version 3 certificate templates. You must achieve this goal by using the minimum amount of administrative effort. What should you do first? A. Run the certutil.exe -addenrollmentserver command. B. Install the Active Directory Certificate Services (AD CS) role on the member server. C. Upgrade the member server to Windows Server 2008 R2 Enterprise. D. Run the certutil.exe -installdefaulttemplates command.

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 34 Your network contains a server named Server1. The Active Directory Rights Management Services (AD RMS) server role is installed on Server1. An administrator changes the password of the user account that is used by AD RMS. You need to update AD RMS to use the new password. Which console should you use?

A. Active Directory Rights Management Services B. Active Directory Users and Computers C. Local Users and Groups D. Services

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 35 Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com. The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone. You install a new domain controller named DC2 in the branch office. You install DNS on DC2. You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails. What should you do? A. Create a new secondary zone named ad.contoso.com on DC2. B. Create a new stub zone named ad.contoso.com on DC2. C. Configure the DNS server on DC2 to forward requests to DC1. D. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 36 Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You enable key archival on the CA. The CA is configured to use custom certificate templates for Encrypted File System (EFS) certificates. You need to archive the private key for all new EFS certificates. Which snap-in should you use? A. Active Directory Users and Computers B. Authorization Manager C. Group Policy Management D. Enterprise PKI E. Security Templates F. TPM Management G. Certificates H. Certification Authority I. Certificate Templates

Correct Answer: H Section: (none) Explanation Explanation/Reference: http://technet.microsoft.com/en-us/library/cc730721 QUESTION 37 Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You need to ensure that all of the members of a group named Group1 can view the event log entries for Certificate Services. Which snap-in should you use? A. Certificate Templates B. Certification Authority C. Authorization Manager D. Active Directory Users and Computers E. TPM Management F. Security Templates G. Group Policy Management H. Enterprise PKI I. Certificates

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 38 Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You need to ensure that users can enroll for certificates that use the IPSEC (Offline request) certificate template. Which snap-in should you use? A. Enterprise PKI B. TPM Management C. Certificates D. Active Directory Users and Computers E. Authorization Manager F. Certification Authority G. Group Policy Management H. Security Templates I. Certificate Templates

Correct Answer: I Section: (none) Explanation Explanation/Reference:

QUESTION 39 Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You have a custom certificate template named Template1. Template1 is published to the CA. You need to ensure that all of the members of a group named Group1 can enroll for certificates that use Template1. Which snap-in should you use? A. Security Templates B. Enterprise PKI C. Certification Authority D. Certificate Templates E. Certificates F. TPM Management G. Authorization Manager H. Group Policy Management I. Active Directory Users and Computers

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 40 Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise. You need to approve a pending certificate request. Which snap-in should you use? A. Active Directory Users and Computers B. Authorization Manager C. Certification Authority D. Group Policy Management E. Certificate Templates F. TPM Management G. Certificates H. Enterprise PKI I. Security Templates

Correct Answer: C Section: (none) Explanation Explanation/Reference:

Exam C QUESTION 1 Your network contains an Active Directory domain named adatum.com. You need to ensure that IP addresses can be resolved to fully qualified domain names (FQDNs). Under which node in the DNS snap-in should you add a zone? A. Reverse Lookup Zones B. adatum.com C. Forward Lookup Zones D. Conditional Forwarders E. _msdcs.adatum.com

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 2 Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1. DC1 has an IP address of 192.168.200.100. You need to identify the zone that contains the Pointer (PTR) record for DC1. Which zone should you identify? A. adatum.com B. _msdcs.adatum.com C. 100.168.192.in-addr.arpa D. 200.168.192.in-addr.arpa

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 3 Your network contains an Active Directory forest named adatum.com. The DNS infrastructure fails. You rebuild the DNS infrastructure. You need to force the registration of the Active Directory Service Locator (SRV) records in DNS. Which service should you restart on the domain controllers? A. Netlogon B. DNS Server C. Network Location Awareness D. Network Store Interface Service E. Online Responder Service

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 4 Your network contains an Active Directory domain named adatum.com. The password policy of the domain requires that the passwords for all user accounts be changed every 50 days. You need to create several user accounts that will be used by services. The passwords for these accounts must be changed automatically every 50 days. Which tool should you use to create the accounts? A. Active Directory Administrative Center B. Active Directory Users and Computers C. Active Directory Module for Windows PowerShell D. ADSI Edit E. Active Directory Domains and Trusts

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 5 Your network contains an Active Directory domain. The domain contains several domain controllers. You need to modify the Password Replication Policy on a read-only domain controller (RODC). Which tool should you use? A. Group Policy Management B. Active Directory Domains and Trusts C. Active Directory Users and Computers D. Computer Management E. Security Configuration Wizard

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 6 Your network contains an Active Directory forest. The forest contains domain controllers that run Windows Server 2008 R2. The functional level of the forest is Windows Server 2003. The functional level of the domain is Windows Server 2008. From a domain controller, you need to perform an authoritative restore of an organizational unit (OU). What should you do first? A. Raise the functional level of the forest. B. Modify the tombstone lifetime of the forest. C. Restore the system state. D. Raise the functional level of the domain.

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 7 Your network contains an Active Directory forest. The forest contains two domains named contoso.com and woodgrovebank.com. You have a custom attribute named Attribute1 in Active Directory. Attribute1 is associated to User objects. You need to ensure that Attribute1 is included in the global catalog. What should you do? A. From the Active Directory Schema snap-in, modify the properties of the Attribute1 attributeSchema object. B. In Active Directory Users and Computers, configure the permissions on the Attribute1 attribute for User objects. C. From the Active Directory Schema snap-in, modify the properties of the User classSchema object. D. In Active Directory Sites and Services, configure the Global Catalog settings for all domain controllers in the forest. Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 8 Your network contains a server named Server1. Server1 runs Windows Server 2008 R2 and has the Active Directory Lightweight Directory Services (AD LDS) role installed. Server1 hosts two AD LDS instances named Instance1 and Instance2. You need to remove Instance2 from Server1 without affecting Instance1. Which tool should you use? A. NTDSUtil B. Dsdbutil C. Programs and Features in the Control Panel D. Server Manager

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 9
Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to compact the Active Directory database. What should you do?
A. Run the Get-ADForest cmdlet.
B. Configure subscriptions from Event Viewer.
C. Run the eventcreate.exe command.
D. Configure the Active Directory Diagnostics Data Collector Set (DCS).
E. Create a Data Collector Set (DCS).
F. Run the repadmin.exe command.
G. Run the ntdsutil.exe command.
H. Run the dsquery.exe command.
I. Run the dsamain.exe command.
J. Create custom views from Event Viewer.

Correct Answer: G
Section: (none)
Explanation/Reference:

QUESTION 10
Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to collect all of the Directory Services events from all of the domain controllers and store the events in a single central computer. What should you do?
A. Run the ntdsutil.exe command.
B. Run the repadmin.exe command.
C. Run the Get-ADForest cmdlet.
D. Run the dsamain.exe command.
E. Create custom views from Event Viewer.
F. Run the dsquery.exe command.
G. Configure the Active Directory Diagnostics Data Collector Set (DCS).
H. Configure subscriptions from Event Viewer.
I. Run the eventcreate.exe command.
J. Create a Data Collector Set (DCS).

Correct Answer: H
Section: (none)
Explanation/Reference:

QUESTION 11
Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to receive a notification when more than 100 Active Directory objects are deleted per second. What should you do?
A. Create custom views from Event Viewer.
B. Run the Get-ADForest cmdlet.
C. Run the ntdsutil.exe command.
D. Configure the Active Directory Diagnostics Data Collector Set (DCS).
E. Create a Data Collector Set (DCS).
F. Run the dsamain.exe command.
G. Run the dsquery.exe command.
H. Run the repadmin.exe command.
I. Configure subscriptions from Event Viewer.
J. Run the eventcreate.exe command.

Correct Answer: E
Section: (none)
Explanation/Reference:

QUESTION 12
Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to create a snapshot of Active Directory. What should you do?
A. Run the dsquery.exe command.
B. Run the dsamain.exe command.
C. Create custom views from Event Viewer.
D. Configure subscriptions from Event Viewer.
E. Create a Data Collector Set (DCS).
F. Configure the Active Directory Diagnostics Data Collector Set (DCS).
G. Run the repadmin.exe command.
H. Run the ntdsutil.exe command.
I. Run the Get-ADForest cmdlet.
J. Run the eventcreate.exe command.

Correct Answer: H
Section: (none)
Explanation/Reference:

QUESTION 13
Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. You mount an Active Directory snapshot. You need to ensure that you can query the snapshot by using LDAP. What should you do?
A. Run the dsamain.exe command.
B. Create custom views from Event Viewer.
C. Run the ntdsutil.exe command.
D. Configure subscriptions from Event Viewer.
E. Run the Get-ADForest cmdlet.
F. Create a Data Collector Set (DCS).
G. Run the eventcreate.exe command.
H. Configure the Active Directory Diagnostics Data Collector Set (DCS).
I. Run the repadmin.exe command.
J. Run the dsquery.exe command.

Correct Answer: A
Section: (none)
Explanation/Reference:

Exam D

QUESTION 1
Your network contains an Active Directory forest named adatum.com. The forest contains four child domains named europe.adatum.com, northamerica.adatum.com, asia.adatum.com, and africa.adatum.com. You need to create four new groups in the forest root domain. The groups must be configured as shown in the following table.

What should you do? To answer, drag the appropriate group type to the correct group name in the answer area. Select and Place:

Correct Answer:

Section: (none)
Explanation/Reference:

QUESTION 2
Your network contains an Active Directory domain named adatum.com. You need to use Group Policies to deploy the line-of-business applications shown in the following table.

What should you do? To answer, drag the appropriate deployment method to the correct application in the answer area. Select and Place:

Correct Answer:

Section: (none)
Explanation/Reference:
You can use Group Policy to distribute computer programs by using the following methods:

Assigning Software
You can assign a program distribution to users or computers. If you assign the program to a user, it is installed when the user logs on to the computer. When the user first runs the program, the installation is finalized. If you assign the program to a computer, it is installed when the computer starts, and it is available to all users who log on to the computer. When a user first runs the program, the installation is finalized.

Publishing Software
You can publish a program distribution to users. When the user logs on to the computer, the published program is displayed in the Add or Remove Programs dialog box, and it can be installed from there.

QUESTION 3
Your network contains an Active Directory forest.

The DNS infrastructure fails. You rebuild the DNS infrastructure. You need to force the registration of the Active Directory Service Locator (SRV) records in DNS. Which service should you restart on the domain controllers? To answer, select the appropriate service in the answer area. Point and Shoot:

Correct Answer:

Section: (none)
Explanation/Reference:
The Netlogon service would be involved with this.

QUESTION 4
Your network contains an Active Directory forest named contoso.com. The password policy of the forest requires that the passwords for all of the user accounts be changed every 30 days. You need to create user accounts that will be used by services. The passwords for these accounts must be changed automatically every 30 days. Which tool should you use to create these accounts? To answer, select the appropriate tool in the answer area.
Point and Shoot:

Correct Answer:

Section: (none)
Explanation/Reference:
Creating a Managed Service Account
Applies To: Windows Server 2008 R2
This topic explains how to use the Active Directory module for Windows PowerShell to create a managed service account. Managed service accounts are used to run various services for applications that are operating in your domain environment.

Example 1
The following example demonstrates how to create a service account, SQL-SRV1, in the container Managed Service Accounts in the Fabrikam.com domain:

New-ADServiceAccount -Name SQL-SRV1 -Path "CN=Managed Service Accounts,DC=FABRIKAM,DC=COM"

QUESTION 5
Your network contains an Active Directory forest named contoso.com. All client computers run Windows 7 Enterprise. You need to automatically create a local group named PowerManagers on each client computer that contains a battery. The solution must minimize the amount of administrative effort. Which node in Group Policy Management Editor should you use? To answer, select the appropriate node in the answer area.
Point and Shoot:

Correct Answer:

Section: (none)
Explanation/Reference:
Would be a GPO applied to a computer.

Control Panel Settings under Preferences. Select

QUESTION 6
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1. Server1 has an IP address of 192.168.200.100. You need to view the Pointer (PTR) record for Server1. Which zone should you open in the DNS snap-in to view the record? To answer, select the appropriate zone in the answer area.
Point and Shoot:

Correct Answer:

Section: (none)
Explanation/Reference:
The corresponding in-addr.arpa zone would be 200.168.192, assuming a default subnet of /24.

QUESTION 7
Your network contains an Active Directory domain. You need to create a new site link between two sites named Site1 and Site3. The site link must support the replication of domain objects. Under which node in Active Directory Sites and Services should you create the site link? To answer, select the appropriate node in the answer area.
Point and Shoot:

Correct Answer:

Section: (none)
Explanation/Reference:
To create a site link:
1. Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start, click Administrative Tools, and then click Active Directory Sites and Services.
2. In the console tree, right-click the intersite transport protocol that you want the site link to use.
   Where? Active Directory Sites and Services\Sites\Inter-Site Transports\IP or SMTP
3. Click New Site Link.
4. In Name, type the name for the site link.
5. In Sites not in this site link, click a site to add to the site link, and then click Add. Repeat to add more sites to the site link. To remove a site from the site link, in Sites in this link, click the site, and then click Remove.
6. When you have added the sites that you want to be connected by this site link, click OK.

QUESTION 8
Your company has a main office and a branch office. All servers are located in the main office. The network contains an Active Directory forest named adatum.com. The forest contains a domain controller named MainDC that runs Windows Server 2008 R2 Enterprise and a member server named FileServer that runs Windows Server 2008 R2 Standard. You have a kiosk computer named Public_Computer that runs Windows 7. Public_Computer is not connected to the network. You need to join Public_Computer to the adatum.com domain. What should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Build List and Reorder:

Correct Answer:

Section: (none)
Explanation/Reference:

QUESTION 9
Your network contains two forests named contoso.com and fabrikam.com. The functional level of all the domains is Windows Server 2003. The functional level of both forests is Windows 2000. You need to create a trust between contoso.com and fabrikam.com. The solution must ensure that users from contoso.com can only access the servers in fabrikam.com that have the Allowed to Authenticate permission set. What should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Build List and Reorder:

Correct Answer:

Section: (none)
Explanation/Reference:

QUESTION 10
Your network contains an Active Directory forest named contoso.com. You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster. What should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Build List and Reorder:

Correct Answer:

Section: (none)
Explanation/Reference:

QUESTION 11
Your network contains an Active Directory forest named contoso.com. The forest contains a domain controller named DC1 that runs Windows Server 2008 R2 Enterprise and a member server named Server1 that runs Windows Server 2008 R2 Standard. You have a computer named Computer1 that runs Windows 7. Computer1 is not connected to the network. You need to join Computer1 to the contoso.com domain. What should you do? To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.
Build List and Reorder:

Correct Answer:

Section: (none)
Explanation/Reference:

QUESTION 12
You need to modify the Password Replication Policy on a read-only domain controller (RODC). Which tool should you use? To answer, select the appropriate tool in the answer area.
Point and Shoot:

Correct Answer:

Section: (none)
Explanation/Reference:

QUESTION 13
Your network contains an Active Directory domain named contoso.com. You need to ensure that IP addresses can be resolved to fully qualified domain names (FQDNs). Under which node in the DNS snap-in should you add a zone? To answer, select the appropriate node in the answer area.
Point and Shoot:

Correct Answer:

Section: (none)
Explanation/Reference:

QUESTION 14
Your company has two domain controllers named DC1 and DC2. DC1 hosts all domain and forest operations master roles. DC1 fails. You need to rebuild DC1 by reinstalling the operating system. You also need to roll back all operations master roles to their original state. You perform a metadata cleanup and remove all references of DC1. Which three actions should you perform next? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Build List and Reorder:

Correct Answer:

Section: (none)

Explanation/Reference:

QUESTION 15
A server named DC1 has the Active Directory Domain Services (AD DS) role and the Active Directory Lightweight Directory Services (AD LDS) role installed. An AD LDS instance named LDS1 stores its data on the C: drive. You need to relocate the LDS1 instance to the D: drive. Which three actions should you perform in sequence? (To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Build List and Reorder:

Correct Answer:

Section: (none)
Explanation/Reference:

QUESTION 16
You need to perform an offline defragmentation of an Active Directory database. Which four actions should you perform in sequence? (To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.)
Build List and Reorder:

Correct Answer:

Section: (none)
Explanation/Reference:

QUESTION 17
Your company has an Active Directory forest that contains multiple domain controllers. The domain controllers run Windows Server 2008. You need to perform an authoritative restore of a deleted organizational unit and its child objects. Which four actions should you perform in sequence? (To answer, move the appropriate four actions from the list of actions to the answer area, and arrange them in the correct order.)
Build List and Reorder:

Correct Answer:

Section: (none)
Explanation/Reference:

QUESTION 18
ABC.com has an Active Directory forest on a single domain. The domain operates Windows Server 2008. A new administrator accidentally deletes the entire organizational unit in the Active Directory database that hosts 6000 objects. You have backed up the system state data using third-party backup software. To restore the backup, you start the domain controller in the Directory Services Restore Mode (DSRM). You need to perform an authoritative restore of the organizational unit and restore the domain controller to its original state. Which three actions should you perform?
Build List and Reorder:

Correct Answer:

Section: (none)
Explanation/Reference:

Exam E

QUESTION 1
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 and a domain controller named DC1. On Server1, you configure a collector-initiated subscription for the Application log of DC1. The subscription is configured to collect all events. After several days, you discover that Server1 failed to collect any events from DC1, although there are more than 100 new events in the Application log of DC1. You need to ensure that Server1 collects events from DC1. What should you do?
A. On Server1, run wecutil quick-config.
B. On Server1, run winrm quickconfig.
C. On DC1, run wecutil quick-config.
D. On DC1, run winrm quickconfig.

Correct Answer: D
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc748890

QUESTION 2
A network contains an Active Directory Domain Services (AD DS) domain. Active Directory is configured as shown in the following table.

The functional level of the domain is Windows Server 2008 R2. The functional level of the forest is Windows Server 2003. Active Directory replication between the Seattle site and the Chicago site occurs from 8:00 P.M. to 1:00 A.M. every day. At 7:00 A.M. an administrator deletes a user account while he is logged on to DC001. You need to restore the deleted user account. You must achieve this goal by using the minimum administrative effort. What should you do?
A. On DC006, stop AD DS, perform an authoritative restore, and then start AD DS.
B. On DC001, run the Restore-ADObject cmdlet.
C. On DC006, run the Restore-ADObject cmdlet.
D. On DC001, stop AD DS, restore the system state, and then start AD DS.

Correct Answer: A
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc755296(v=ws.10).aspx

QUESTION 3
Your network contains an Active Directory domain. The domain is configured as shown in the exhibit.

You have a Group Policy Object (GPO) linked to the domain. You need to ensure that the settings in the GPO are not processed by user accounts or computer accounts in the Finance organizational unit (OU). You must achieve this goal by using the minimum amount of administrative effort. What should you do?
A. Modify the Group Policy permissions.
B. Configure WMI filtering.
C. Enable block inheritance.
D. Enable loopback processing in replace mode.
E. Configure the link order.
F. Configure Group Policy Preferences.
G. Link the GPO to the Human Resources OU.
H. Configure Restricted Groups.
I. Enable loopback processing in merge mode.
J. Link the GPO to the Finance OU.

Correct Answer: C
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc731076.aspx

QUESTION 4
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named Sales and an OU named Engineering. You have two Group Policy Objects (GPOs) named GPO1 and GPO2. GPO1 and GPO2 are linked to the Sales OU and contain multiple settings. You discover that GPO2 has a setting that conflicts with a setting in GPO1. When the policies are applied, the setting in GPO2 takes effect. You need to ensure that the settings in GPO1 supersede the settings in GPO2. The solution must ensure that all non-conflicting settings in both GPOs are applied. What should you do?
A. Configure Restricted Groups.
B. Configure the link order.
C. Link the GPO to the Sales OU.
D. Link the GPO to the Engineer OU.
E. Enable loopback processing in merge mode.
F. Modify the Group Policy permissions.
G. Configure WMI filtering.
H. Configure Group Policy Permissions.
I. Enable loopback processing in replace mode.
J. Enable block inheritance.

Correct Answer: B
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc757050(v=ws.10).aspx#BKMK_change

QUESTION 5
All vendors belong to a global group named vendors. You place three file servers in a new organizational unit (OU) named ConfidentialFileServers. The three file servers contain confidential data located in shared folders. You need to record any failed attempts made by the vendors to access the confidential data. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create a new Group Policy Object (GPO) and link it to the CONFIDENTIALFILESERVERS OU. Configure the Audit object access failure audit policy setting.
B. Create a new Group Policy Object (GPO) and link it to the CONFIDENTIALFILESERVERS OU. Configure the Audit privilege use Failure audit policy setting.
C. On each shared folder on the three file servers, add the Vendors global group to the Auditing tab. Configure Failed Full control setting in the AuditingEntry dialog box.
D. On each shared folder on the three file servers, add the three servers to the Auditing tab. Configure Failed Full control setting in the AuditingEntry dialog box.
E. Create a new Group Policy Object (GPO) and link it to the CONFIDENTIALFILESERVERS OU. Configure the Deny access to this computer from the network user rights setting for the Vendors global group.

Correct Answer: AC
Section: (none)
Explanation/Reference:

QUESTION 6
A corporate network includes a single Active Directory Domain Services (AD DS) domain. The HR department has a dedicated organizational unit (OU) named HR. The HR OU has two sub-OUs: HR Users and HR Computers. User accounts for the HR department reside in the HR Users OU. Computer accounts for the HR department reside in the HR Computers OU. All HR department employees belong to a security group named HR Employees. All HR department computers belong to a security group named HR PCs. Company policy requires that passwords are a minimum of 6 characters. You need to ensure that, the next time HR department employees change their passwords, the passwords are required to have at least 8 characters. The password length requirement should not change for employees of any other department. What should you do?
A. Modify the password policy in the GPO that is applied to the domain.
B. Create a new GPO, with the necessary password policy, and link it to the HR Users OU.
C. Create a fine-grained password policy and apply it to the HR Users OU.
D. Modify the password policy in the GPO that is applied to the domain controllers OU.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 7
A corporate network includes a single Active Directory Domain Services (AD DS) domain. All regular user accounts reside in an organisational unit (OU) named Employees. All administrator accounts reside in an OU named Admins. You need to ensure that any time an administrator modifies an employee's name in AD DS, the change is audited. What should you do first?
A. Create a Group Policy Object with the Audit directory service access setting enabled and link it to the Employees OU.
B. Modify the searchFlags property for the Name attribute in the Schema.
C. Create a Group Policy Object with the Audit directory service access setting enabled and link it to the Admins OU.
D. Use the Auditpol.exe command-line tool to enable the directoryservicechanges auditing subcategory.

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 8
Your network contains an Active Directory forest named contoso.com. You need to provide a user named User1 with the ability to create and manage subnet objects. The solution must minimize the number of permissions assigned to User1. What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control wizard.
B. From Active Directory Administrative Centre, add User1 to the Schema Admins group.
C. From Active Directory Sites and Services, run the Delegation of Control wizard.
D. From Active Directory Administrative Centre, add User1 to the Network Configuration Operators group.

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 9
A corporate network contains a Windows Server 2008 R2 Active Directory forest. You need to add a User Principal Name (UPN) suffix to the forest. What tool should you use?
A. Dsmgmt.
B. Active Directory Domains and Trusts console.
C. Active Directory Users and Computers console.
D. Active Directory Sites and Services console.

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 10
Your network contains a single Active Directory domain that has two sites named Site1 and Site2. Site1 has two domain controllers named DC1 and DC2. Site2 has two domain controllers named DC3 and DC4. DC3 fails. You discover that replication no longer occurs between the sites. You verify the connectivity between DC4 and the domain controllers in Site1. On DC4, you run repadmin.exe /kcc. Replication between the sites continues t