Refresh 70-648: Pass4sure real answers from 286 to 300

Question No. 286

Your network contains two Active Directory forests. One forest contains two domains named contoso.com and na.contoso.com. The other forest contains a domain named nwtraders.com. A forest trust is configured between the two forests. You have a user named User1 in the na.contoso.com domain. User1 reports that he fails to log on to a computer in the nwtraders.com domain by using the user name NA\User1. Other users from na.contoso.com report that they can log on to the computers in the nwtraders.com domain. 

You need to ensure that User1 can log on to the computer in the nwtraders.com domain. 

What should you do? 

A. Enable selective authentication over the forest trust. 

B. Create an external one-way trust from na.contoso.com to nwtraders.com. 

C. Instruct User1 to log on to the computer by using his user principal name (UPN). 

D. Instruct User1 to log on to the computer by using the user name nwtraders\User1. 

Answer: C


Question No. 287

You need to purge the list of user accounts that were authenticated on a read-only domain controller (RODC). 

What should you do? 

A. Run the dsrm.exe command and specify the -u parameter. 

B. Run the repadmin.exe command and specify the /prp parameter. 

C. From Active Directory Sites and Services, modify the properties of the RODC computer object. 

D. From Active Directory Users and Computers, modify the properties of the RODC computer object. 

Answer: A


Question No. 288

Your company has a main office and one branch office. The main office has a print server named Printer1. The branch office has a print server named Printer2. Printer1 manages 15 printers and Printer2 manages seven printers. You add Printer2 to the Print Management console on Printer1. 

You need to send an automatic notification when a printer is not available. 

What should you do? 

A. Configure an e-mail notification for the Printers With Jobs printer filter. 

B. Configure an e-mail notification for the Printers Not Ready printer filter. 

C. Enable the Show informational notifications for local printers option on both print servers. 

D. Enable the Show informational notifications for network printers option on both print servers. 

Answer: B


Question No. 289

Your network contains an Active Directory domain. The domain contains 10 domain controllers that run Windows Server 2008 R2. You need to monitor the following information on the domain controllers during the next five days: 

Memory usageProcessor usageThe number of LDAP queries What should you do? 

A. Use the System Performance Data Collector Set (DCS). 

B. Use the Active Directory Diagnostics Data Collector Set (DCS). 

C. Create a User Defined Data Collector Set (DCS) that uses the System Performance template. 

D. Create a User Defined Data Collector Set (DCS) that uses the Active Directory Diagnostics template. 

Answer: D


Question No. 290

Your company has a main office and a branch office. The network contains a single Active Directory domain. The main office contains a domain controller named DC1. 

You need to install a domain controller in the branch office by using an offline copy of the Active Directory database. 

What should you do first? 

A. From the Ntdsutil tool, create an IFM media set. 

B. From the command prompt, run djoin.exe /loadfile. 

C. From Windows Server Backup, perform a system state backup. 

D. From Windows PowerShell, run the get-ADDomainController cmdlet. 

Answer: A


Question No. 291

Your company has a main office and a branch office. The branch office has an Active Directory site that contains a read-only domain controller (RODC). A user from the branch office reports that his account is locked out. From a writable domain controller in the main office, you discover that the user's account is not locked out. 

You need to ensure that the user can log on to the domain. 

What should you do? 

A. Modify the Password Replication Policy. 

B. Reset the password of the user account. 

C. Run the Knowledge Consistency Checker (KCC) on the RODC. 

D. Restore network communication between the branch office and the main office. 

Answer: D


Question No. 292

Your network contains a domain controller that has two network connections named Internal and Private. 

Internal has an IP address of 192.168.0.20. Private has an IP address of 10.10.10.5. 

You need to prevent the domain controller from registering Host (A) records for the 10.10.10.5 IP address. 

What should you do? 

A. Modify the netlogon.dns file on the domain controller. 

B. Modify the Name Server settings of the DNS zone for the domain. 

C. Modify the properties of the Private network connection on the domain controller. 

D. Disable netmask ordering on the DNS server that hosts the DNS zone for the domain. 

Answer: C


Question No. 293

Your company has 10 servers that run Windows Server 2008 R2. The servers have Remote Desktop Protocol (RDP) enabled for server administration. RDP is configured to use default security settings. All administrators' computers run Windows 7. 

You need to ensure the RDP connections are as secure as possible. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Set the security layer for each server to the RDP Security Layer. 

B. Configure the firewall on each server to block port 3389. 

C. Acquire user certificates from the internal certification authority. 

D. Configure each server to allow connections only to Remote Desktop client computers that use Network Level Authentication. 

Answer: CD


Question No. 294

Your network contains an Active Directory domain named Contoso.com. Contoso.com contains certification authority on CA1. You enable Secure Tunneling Protocol (SSTP) on a server named Server1. A user named User1 attempts to establish an SSTP connection to Server1 and receives the following message:"Error 0xBC... 

Access not CRL Server". You verify that all certificates services are online. 

You need to ensure that certificates are online. 

You need to ensure that User1 can connect to Server1 by using SSTP. 

What should you do first? 

A. Configure User1 for certificate auto enrollment. 

B. Configure a pre-shared key for IPSec on User1`s computer. 

C. Add a certificate to Server1 that contains server1.contoso.com as a Subject Alternative Name (SAN) 

D. Publish the certificate renovation list distribution point (CDP) to a location that is accessible from the Internet. 

Answer: D


Question No. 295

Your company has an Active Directory forest. The company has three locations. Each location has an organizational unit and a child organizational unit named Sales. The Sales organizational unit contains all users and computers of the sales department. The company plans to deploy a Microsoft Office 2007 application on all computers within the three Sales organizational units. 

You need to ensure that the Office 2007 application is installed only on the computers in the Sales organizational units. 

What should you do? 

A. Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the domain. 

B. Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location. 

C. Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to publish the application to the user account. Link the SalesAPP GPO to the Sales organizational unit in each location. 

D. Create a Group Policy Object (GPO) named SalesAPP GPO. Configure the GPO to assign the application to the computer account. Link the SalesAPP GPO to the Sales organizational unit in each location. 

Answer: D


Question No. 296

Your network contains two DHCP servers named Server1 and Server2. On Server1, you create a scope named Scope1. 

You need to ensure that DHCP clients receive IP addresses from the address range in Scope1 if 

Server1 is unavailable. The solution must prevent both servers from assigning duplicate IP addresses. 

What should you do from the DHCP console? 

A. On Server1, create a superscope. 

B. On Server1, select Scope1, and then run the Split-Scope wizard. 

C. On Server2, create a scope, and then reconcile each scope. 

D. On Server2, create a scope, and then enable Network Access Protection. 

Answer: B


Question No. 297

Your network contains an Active Directory domain. The domain contains a server named Server1. Server1 runs Windows Server 2008 R2. 

You need to mount an Active Directory Lightweight Directory Services (AD LDS) snapshot from Server1. 

What should you do? 

A. Run ldp.exe and use the Bind option. 

B. Run diskpart.exe and use the Attach option. 

C. Run dsdbutil.exe and use the snapshot option. 

D. Run imagex.exe and specify the /mount parameter. 

Answer: C


Question No. 298

Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers. The servers are configure as shown in the following table. 


You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service. 

Which two actions should you perform? (Each current answer presents part of the solution. 

Choose two). 

A. Configure the policy module setting. 

B. Configure the issuance requirements for the certificate templates. 

C. Configure the Certificate Services Client - Certificate Enrollment Policy Group Policy setting. 

D. Configure the delegation setting for the Certification Enrollment Web Service application pool account. 

Answer: B,C


Question No. 299

Your network contains an Active Directory domain named contoso.com. The network is configured to use ISATAP. 

You have a server named Server1 that runs Windows Server 2008 R2. 

On Server1, you discover that a tunnel adapter named isatap.contoso.com has a Media State of 

"Media disconnected". 

You confirm that Server1 has a valid network connection and can query the DNS server. 

You need to ensure that the isatap.contoso.com tunnel adapter has an IPv6 address. 

What should you do? 

A. Start the IP Helper service. 

B. Start the IPsec Policy Agent service. 

C. Add a new rule to Windows Firewall. 

D. Add an entry for ISATAP to the Hosts file. 

Answer: A


Question No. 300

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. 

You need to compact the Active Directory database. 

What should you do? 

A. Run the eventcreate.exe command. 

B. Configure the Active Directory Diagnostics Data Collector Set (DCS). 

C. Run the dsquery.exe command. 

D. Run the repadmin.exe command. 

E. Run the Get-ADForest cmdlet. 

F. Configure subscriptions from Event Viewer. 

G. Create a Data Collector Set (DCS). 

H. Run the dsamain.exe command. 

I. Create custom views from Event Viewer. 

J. Run the ntdsutil.exe command. 

Answer: F