FREE MCTS 70 640: Active Directory, Configuring Question and Answers

Question 1

There is only one Active Directory domain in your network. Every domain controller is active Operating System 2003.
The domain controllers are all upgraded to Windows Server 2008.
The Active Directory system has to be set up to accommodate the use of multiple password policies.
What should you do?

Accepted Answer

Raise the functional level of the domain to Windows Server 2008

Answer

Multiple password policies, also known as Fine-Grained Password Policies, are a feature introduced in Windows Server 2008 Active Directory. To enable and utilize this advanced security feature, the Active Directory domain functional level must be raised to Windows Server 2008 or higher. This ensures that the necessary Active Directory schema extensions and capabilities are available.

Question 2

Intranet.contoso.com is the only Active Directory domain owned by your business. Windows Server 2008 R2 is used by all domain controllers. Windows is the domain functional level.
Windows 2000 is native and the forest functional level.
You must make sure that user accounts can use the UPN suffix for contoso.com.
What should you start with

Accepted Answer

Add the new UPN suffix to the forest.

Answer

To allow user accounts in an Active Directory domain (e.g., intranet.contoso.com) to use an alternative User Principal Name (UPN) suffix (e.g., contoso.com), that suffix must first be explicitly added to the Active Directory forest. This action makes the new UPN suffix available for selection when configuring user accounts. The domain or forest functional level does not need to be raised for this specific task.

Question 3

You have two servers, Server1 and Server2, respectively. Windows Server 2008 is used by both servers. R2. Enterprise root certification authority (CA) configuration is set up on Server1.
On Server2, you set up the Online Responder role service.
Server1 must be set up to handle the Online Responder.
What ought you to do?

Accepted Answer

Configure the Authority Information Access (AIA) extension.

Answer

To enable an Online Responder (OCSP) to function correctly with a Certification Authority (CA), the CA must be configured to include the Online Responder's URL in the Authority Information Access (AIA) extension of issued certificates. This configuration allows clients to discover and use the Online Responder to check the revocation status of certificates. Without this, clients wouldn't know where to find the OCSP service.

Question 4

Active Directory forests with the names contoso.com and fabrikam.com exist within your organization.
Three DNS servers designated DNS1, DNS2, and DNS3, are part of the firm network. The configuration of the DNS servers is displayed in the following table.
DNS3 is set as the primary DNS server on each computer in the fabrikam.com domain. The preferred DNS server for the rest of the PCs is DNS1.
The servers for the contoso.com domain are inaccessible to users from the fabrikam.com domain.
You must make sure that any contoso.com queries may be answered by users of the fabrikam.com domain.
What ought you to do?

Accepted Answer

Configure conditional forwarding on DNS3 to forward contoso.com queries to DNS1.

Answer

Users in the fabrikam.com domain are configured to use DNS3 as their primary DNS server. To ensure these users can resolve queries for the contoso.com domain, DNS3 needs a mechanism to forward those specific queries to the appropriate DNS server for contoso.com. Configuring conditional forwarding on DNS3 to send contoso.com queries to DNS1 (which hosts contoso.com) will achieve this, enabling cross-domain name resolution.

Question 5

There is only one Active Directory domain in your network. Every domain controller is active Operating System 2008 R2. Both the Audit directory services access setting and the Audit account management policy setting are turned on for the entire domain. The ability to log changes to Active Directory objects must be present. The old and new values of any attributes must be included in the modifications that were logged.
What ought you to do?

Accepted Answer

Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.

Answer

To log changes to Active Directory objects, including old and new attribute values, you need to enable specific advanced auditing policies and configure object-level auditing. Running `auditpol.exe` allows for granular control over auditing categories, and then configuring the Security settings (SACLs) on the Active Directory objects within the Domain Controllers OU (or the domain itself) specifies *what* changes to audit. This combination ensures detailed logging of attribute modifications.

MCTS 70-640 Exam Practice Test

MCTS 70-640 Exam Practice Test

FREE MCTS 70 640: Active Directory, Configuring Question and Answers