QUESTION 1
Your company has an Active Directory Rights Management Services (AD RMS) server. Users have Windows Vista computers. An Active Directory domain is configured at the Windows Server 2003 functional level. You need to configure AD RMS so that users are able to protect their documents. What should you do?
A. Install the AD RMS client 2.0 on each client computer.
B. Add the RMS service account to the local administrators group on the AD RMS server.
C. Establish an e-mail account in Active Directory Domain Services (AD DS) for each RMS user.
D. Upgrade the Active Directory domain to the functional level of Windows Server 2008.
Answer: C
QUESTION 2
Your company has an Active Directory forest that runs at the functional level of Windows Server 2008. You implement Active Directory Rights Management Services (AD RMS). You install Microsoft SQL Server 2005. When you attempt to open the AD RMS administration Web site, you receive the following error message:
“SQL Server does not exist or access denied.”
You need to open the AD RMS administration Web site. Which two actions should you perform? (Each Answer presents part of the solution. Choose two.)
A. Restart IIS.
B. Install Message Queuing.
C. Start the MSSQLSVC service.
D. Manually delete the Service Connection Point in Active Directory Domain Services (AD DS) and restart AD RMS.
Answer: AC
QUESTION 3
Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC). An RODC server is stolen from one of the branch offices. You need to identify the user accounts that were cached on the stolen RODC server. Which utility should you use?
A. dsmod.exe
B. ntdsutil.exe
C. Active Directory Sites and Services
D. Active Directory Users and Computers
Answer: D
QUESTION 4
You need to deploy a read-only domain controller (RODC) that runs Windows Server 2008 R2. What is the minimal forest functional level that you should use?
A. Windows Server 2008 R2
B. Windows Server 2008
C. Windows Server 2003
D. Windows 2000
Answer: C
QUESTION 5
Your company has an Active Directory forest that contains a single domain. The domain member server has an Active Directory Federation Services (AD FS) server role installed. You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain. What should you do?
A. Add and configure a new account store.
B. Add and configure a new account partner.
C. Add and configure a new resource partner.
D. Add and configure a Claims-aware application.
Answer: A
QUESTION 6
Your network contains two standalone servers named Server1 and Server2 that have Active Directory Lightweight Directory Services (AD LDS) installed. Server1 has an AD LDS instance. You need to ensure that you can replicate the instance from Server1 to Server2. What should you do on both servers?
A. Obtain a server certificate.
B. Import the MS-User.ldffile.
C. Create a service user account for AD LDS.
D. Register the service location (SRV) resource records.
Answer: C
QUESTION 7
Your network contains a server named Server1 that runs Windows Server 2008 R2. You create an Active Directory Lightweight Directory Services (AD LDS) instance on Server1. You need to create an additional AD LDS application directory partition in the existing instance. Which tool should you use?
A. adaminstall
B. dsadd
C. dsmod
D. ldp
Answer: D
QUESTION 8
Your network contains a server named Server1 that runs Windows Server 2008 R2. On Server1, you create an Active Directory Lightweight Directory Services (AD LDS) instance named Instance1. You connect to Instance1 by using ADSI Edit. You run the Create Object wizard and you discover that there is no User object class. You need to ensure that you can create user objects in Instance1. What should you do?
A. Run the AD LDS Setup Wizard.
B. Modify the schema of Instance1.
C. Modify the properties of the Instance1 service.
D. Install the Remote Server Administration Tools (RSAT).
Answer: B
QUESTION 9
Your network contains an Active Directory domain. The domain contains a server named Server1. Server1 runs Windows Server 2008 R2. You need to mount an Active Directory Lightweight Directory Services (AD LDS) snapshot from Server1. What should you do?
A. Run ldp.exe and use the Bind option.
B. Run diskpart.exeand use the Attachoption.
C. Run dsdbutil.exeand use the snapshotoption.
D. Run imagex.exe and specify the /mountparameter.
Answer: C
QUESTION 10
Your network contains an Active Directory domain named contoso.com. The network contains client computers that run either Windows Vista or Windows 7. Active Directory Rights Management Services (AD RMS) is deployed on the network. You create a new AD RMS template that is distributed by using the AD RMS pipeline. The template is updated every month. You need to ensure that all the computers can use the most up-to-date version of the AD RMS template. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?
A. Upgrade all of the Windows Vista computers to Windows 7.
B. Upgrade all of the Windows Vista computers to Windows Vista Service Pack 2 (SP2).
C. Assign the Microsoft Windows Rights Management Services (RMS) Client Service Pack 2 (SP2) to all users by using a Software Installation extension of Group Policy.
D. Assign the Microsoft Windows Rights Management Services (RMS) Client Service Pack 2 (SP2) to all computers by using a Software Installation extension of Group Policy.
Answer: B
QUESTION 11
Active Directory Rights Management Services (AD RMS) is deployed on your network. Users who have Windows Mobile 6 devices report that they cannot access documents that are protected by AD RMS. You need to ensure that all users can access AD RMS protected content by using Windows Mobile 6 devices. What should you do?
A. Modify the security of the ServerCertification.asmxfile.
B. Modify the security of the MobileDeviceCertification.asmxfile.
C. Enable anonymous authentication for the _wmcs virtual directory.
D. Enable anonymous authentication for the certification virtual directory.
Answer: B
QUESTION 12
Your network contains an Active Directory Rights Management Services (AD RMS) cluster. You have several custom policy templates. The custom policy templates are updated frequently. Some users report that it takes as many as 30 days to receive the updated policy templates. You need to ensure that users receive the updated custom policy templates within seven days. What should you do?
A. Modify the registry on the AD RMS servers.
B. Modify the registry on the users’ computers.
C. Change the schedule of the AD RMS Rights Policy Template Management (Manual) scheduled task.
D. Change the schedule of the AD RMS Rights Policy Template Management (Automated) scheduled task.
Answer: B
QUESTION 13
Your company has a main office and a branch office. The branch office contains a read-only domain controller named RODC1. You need to ensure that a user named Admin1 can install updates on RODC1. The solution must prevent Admin1 from logging on to other domain controllers. What should you do?
A. Run ntdsutil.exeand use the Roles option.
B. Run dsmgmt.exe and use the Local Rolesoption.
C. From Active Directory Sites and Services, modify the NTDS Site Settings.
D. From Active Directory Users and Computers, add the user to the Server Operators group.
Answer: B
QUESTION 14
You install a read-only domain controller (RODC) named RODC1. You need to ensure that a user named User1 can administer RODC1. The solution must minimize the number of permissions assigned to User1. Which tool should you use?
A. Active Directory Administrative Center
B. Active Directory Users and Computers
C. dsadd
D. dsmgmt
Answer: B
QUESTION 15
Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site1 contains four domain controllers. Site2 contains a read-only domain controller (RODC). You add a user named User1 to the Allowed RODC Password Replication Group. The WAN link between Site1 and Site2 fails. User1 restarts his computer and reports that he is unable to log on to the domain. The WAN link is restored and User1 reports that he is able to log on to the domain. You need to prevent the problem from reoccurring if the WAN link fails. What should you do?
A. Create a Password Settings object (PSO) and link the PSO to User1’s user account.
B. Create a Password Settings object (PSO) and link the PSO to the Domain Users group.
C. Add the computer account of the RODC to the Allowed RODC Password Replication Group.
D. Add the computer account of User1’s computer to the Allowed RODC Password Replication Group.
Answer: D
QUESTION 16
Your company has a main office and a branch office. The network contains an Active Directory domain. The main office contains a writable domain controller named DC1. The branch office contains a read- only domain controller (RODC) named DC2. You discover that the password of an administrator named Admin1 is cached on DC2. You need to prevent Admin1’s password from being cached on DC2. What should you do?
A. Modify the NTDS Site Settings.
B. Modify the properties of the domain.
C. Create a Password Setting object (PSO).
D. Modify the properties of DC2’s computer account.
Answer: D
QUESTION 17
Your network contains an Active Directory domain named contoso.com. The network has a branch office site that contains a read-only domain controller (RODC) named RODC1. RODC1 runs Windows Server 2008 R2. A user named User1 logs on to a computer in the branch office site. You discover that the password of User1 is not stored on RODC1. You need to ensure that User1’s password is stored on RODC1. What should you modify?
A. the Member Of properties of RODC1
B. the Member Of properties of User1
C. the Security properties of RODC1
D. the Security properties of User1
Answer: B
QUESTION 18
Your company has a main office and a branch office. The branch office has an Active Directory site that contains a read-only domain controller (RODC). A user from the branch office reports that his account is locked out. From a writable domain controller in the main office, you discover that the user’s account is not locked out. You need to ensure that the user can log on to the domain. What should you do?
A. Modify the Password Replication Policy.
B. Reset the password of the user account.
C. Run the Knowledge Consistency Checker (KCC) on the RODC.
D. Restore network communication between the branch office and the main office.
Answer: D
QUESTION 19
You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1. You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS. Which protocol should you allow on Server1?
A. SMB
B. RPC
C. SSL
D. Kerberos
Answer: C
QUESTION 20
Your network contains a single Active Directory domain. The domain contains five read-only domain controllers (RODCs) and five writable domain controllers. All servers run Windows Server 2008. You plan to install a new RODC that runs Windows Server 2008 R2. You need to ensure that you can add the new RODC to the domain. You want to achieve this goal by using the minimum amount of administrative effort. Which two actions should you perform? (Each Answer presents part of the solution. Choose two.)
A. At the command prompt, run adprep.exe /rodcprep.
B. At the command prompt, run adprep.exe /forestprep.
C. At the command prompt, run adprep.exe /domainprep.
D. From Active Directory Domains and Trusts, raise the functional level of the domain.
E. From Active Directory Users and Computers, pre-stage the RODC computer account.
Answer: BC
Download New Free Passleader 70-648 Sample Questions Help You Pass Exam