1

UNiSOFT Education Center

(70-640)
Questions & Answers With Explanations Number of Questions Included: 213 Version: 2.78

Pages Included: 113

UNiSOFT Education Center

UNiSOFT Education Center 70-640

QUESTION: 1 Unisoftnet.com has an Active Directory forest that contains a single domain named ad.Unisoftnet.com. All domain controllers are configured as DNS servers and have Windows Server 2008 installed. The network has two Active directory-integrated zones: Unisoft-es.com and Unisoft-ws.com. The company has instructed you to make sure that a user is able to modify records in Unisoft-es.com while preventing the user from modifying the SOA record in Unisoft-ws.com zone. What should you do to achieve this task? A. Modify the permissions of the Unisoft-es.com zone by accessing the DNS Manager Console B. Configure the user permissions on Unisoft-es.com to include all the users and configure the user permissions on Unisoft-ws.com to allow only the administrators group to modify the records C. Modify the permission of Unisoft-ws.com zone by accessing the DNS Manager Console D. Modify the Domain Controllers organizational unit by accessing the Active Directory Users and Computers console. E. None of the above. Answer:A Explanation: To allow the user to modify records in Unisoft-es.com and prevent him/her from modifying the SOA record in Unisoft-ws.com zone, you should set the permissions of Unisoft-es.com through DNS Manager Console. You set the permissions for the users to modify the records in Unisoft-es.com. By setting permission on one Active directory-integrated zone, you will be preventing the users from modifying anything else on the other zones.

QUESTION: 2 Unisoftnet.com has an Active Directory Domain Controller. All domain controllers are configured as DNS servers and have Windows Server 2008 installed. Only one Active-Directory integrated DNS zone is configured on the domain. You need to make sure that outdated DNS records are removed from the DNS zone automatically. What should you do to achieve this task? A. Modify the TTL of the SOA record by accessing the zone properties B. Disable updates from the zone properties C. Execute netsh/Reset DNS command from the Command prompt D. Enable Scavenging by accessing the zone properties

UNiSOFT Education Center

UNiSOFT Education Center 70-640

E. None of the above Answer:D Explanation: To remove the outdated DNS records from the DNS zone automatically, you should enable Scavenging through Zone properties. Scavenging will help you clean up old unused records in DNS. Since "clean up" really means "delete stuff" a good understanding of what you are doing and a healthy respect for "delete stuff" will keep you out of the hot grease. Because deletion is involved there are quite a few safety valves built into scavenging that take a long time to pop. When enabling scavenging, patience is required. Reference: http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088a6bbce0a4304&ID=211 QUESTION: 3 Unisoftnet.com has a single Active Directory domain. You have configured all domain controllers in the network as DNS servers and they run Windows Server 2008. A domain controller named UEC1 has a standard Primary zone for Unisoftnet.com and a domain controller named UEC2 has a standard secondary zone for Unisoftnet.com. You need to make sure that the replication of the Unisoftnet.com zone is encrypted so you might not loose any zone data. What should you do to achieve this task? A. Create a stub zone and delete the secondary zone B. Convert the primary zone into an active directory zone and delete the secondary zone C. Change the interface where DNS server listens on both servers D. On the standard primary zone, configure zone transfer settings. After that modify the master servers lists on the secondary zone E. None of the above Answer:B Explanation: To make sure that the replication of the Unisoftnet.com zone is encrypted to prevent data loss, you should convert the primary zone into an active directory zone and delete the secondary zone QUESTION: 4

UNiSOFT Education Center

4 UNiSOFT Education Center 70-640 Unisoftnet.com has a main office and a branch office. All servers in both offices run Windows Server 2008. The offices are connected through a MAN link. Unisoftnet.com has an Active Directory domain that hosts a single domain called maks.Unisoftnet.com. There is a domain controller in the maks.Unisoftnet.com domain called UEC1. It is located in the main office. You have configured UEC1 as a DNS server for the maks.Unisoftnet.com DNS zone. It is configured as a standard primary zone. You are instructed to install a new domain controller called UEC2 in the branch office. After installing the domain controller, you install DNS on UEC2. You want to ensure that the DNS service on UEC2 can update records and resolve DNS queries in the event of a MAN link failure. What should you do to achieve this objective? A. Configure the DNS on UEC1 to forward requests to UEC2 B. Add a secondary zone named maks.Unisoftnet.com on UEC2 C. Convert maks.Unisoftnet.com on UEC1 to an Active Directory-integrated zone D. Configure a new stub zone on UEC1 and set the forwarding option to UEC2 Answer:C Explanation: To make sure that the DNS service on UEC2 can update records and resolve DNS queries in the event of a MAN link failure, you should convert maks.Unisoftnet.com on UEC1 to an Active Directory-integrated zone. Active Directory-integrated DNS offers two pluses over traditional zones. For one, the fault tolerance built into Active Directory eliminates the need for primary and secondary nameservers. Effectively, all nameservers using Active Directory-integrated zones are primary nameservers. This has a huge advantage for the use of dynamic DNS as well: namely, the wide availability of nameservers that can accept registrations. Recall that domain controllers and workstations register their locations and availability to the DNS zone using dynamic DNS. In a traditional DNS setup, only one type of nameserver can accept these registrations-the primary server, because it has the only read/write copy of a zone. By creating an Active Directory-integrated zone, all Windows Server 2008 nameservers that store their zone data in Active Directory can accept a dynamic registration, and the change will be propagated using Active Directory multimaster replication. Reference: http://safari.adobepress.com/9780596514112/active_directory-integrated_zones

QUESTION: 5 Unisoftnet.com has a DNS server with 10 Active Directory Integrated Zones. For auditing purposes, you need to provide copies of the zone files of the DNS server to the security audit group. What should you do to achieve this task?

UNiSOFT Education Center

UNiSOFT Education Center 70-640 A. Execute ntdsutil > Partition Management > Display commands B. execute ipconfig/registerdns command C. execute the dnscmd/ZoneExport command D. Execute dnscmd/Zoneoutput command
Answer:C QUESTION: 6 Unisoftnet.com has a domain controller named UEC11 that runs Windows Server 2008. It is configured as a DNS server for Unisoftnet.com. You install the DNS server role on a member server named S1 and after this, you create a standard secondary zone for Unisoftnet.com. You configure UEC11 as the master server for the zone. What should you do to make sure that S1 receives zone updates from UEC11? A. On Server1, add a conditional forwarder. B. On DC1, modify the zone transfer settings for the testking.com zone. C. Add the Server1 computer account to the DNSUpdateProxy group. D. On DC1, modify the permissions of testking.com zone. Answer:B QUESTION: 7 Unisoftnet.com has a network consisting of an Active Directory forest named ebd.com. All servers run Windows Server 2008. All domain controllers are configured as DNS servers. The ebd.com DNS zone is stored in the ForestDnsZones Active directory partition. A member server contains a standard primary DNS zone for eb.ebd.com. You need to make sure that all domain controllers can resolve names for eb.ebd.com. What should you do to achieve this task? A. Create a delegation in the ebd.com zone B. Change the properties of SOA record in the eb.ebd.com zone C. Add NS record in the ebd.com zone D. Create a secondary zone on a Global catalog server Answer:A

QUESTION: 8 Unisoftnet.com has five Windows Server 2008 servers all are operating as domain controllers. Your DNS servers are all currently running as primary DNS zones. A DNS strategy which allows all DNS servers to hold the same database will need to be set up and your company necessitates that you use secure DNS dynamic updates for every client.

UNiSOFT Education Center

UNiSOFT Education Center 70-640

What type of DNS strategy should you implement? A. One server should be upgraded as a primary master and the rest as stub zones. B. One server should be upgraded as a primary master and the rest as secondary servers. C. All servers should be upgraded to Active Directory Integrated servers. D. All servers should be kept primary servers and replication will need to be set up. Answer:A, C Explanation: Having all the DNS servers upgraded to Active Directory Integrated zones will permit all DNS servers to share the identical Active Directory DNS database. Active Directory Integrated zones also permit secure dynamic updates. In the case of the TTL being too minute the load on the DNS server escalates. QUESTION: 9 You are responsible for UEC's network infrastructure. You are unsure whether or not you have a problem with name resolution and therefore you require confirmation that you are making use of the correct hostname. You want to test DNS on the local system and you need to establish if the hostname "server-1" resolves to the IP address 10.1.1.1. Which of the following actions provides a solution to the problem? A. A DNS server should be added to your local subnet. B. The mapping for the hostname "server-1" should be added to the IP address 10.1.1.1 in the local system's HOSTS file. C. An A record should be added to your local WINS server. D. An MX record should be added to your local DNS server. Answer:B Explanation: The HOSTS file is a text file-based database of mappings amid hostnames and IP addresses. It performs similar to a file based version of DNS and resolves a hostname to an IP address. QUESTION: 10 You work as an administrator at Unisoftnet.com. You have chosen to have DNS placed on a read-only domain controller (RODC). Which of the following types of DNS zones do you now possess? A. Primary with Active Directory integration B. Read-only DNS

UNiSOFT Education Center

UNiSOFT Education Center 70-640

C. Secondary DNS D. Stub DNS Answer:B Explanation: When choosing to load DNS on a RODC, the copy of DNS is then a read-only copy. The negative aspect to a read-only DNS server is that it will not permit dynamic updates. The advantage is that it can be situated in a non-secure location.

QUESTION: 11 Unisoftnet.com has a main office and single branch office in another state. Unisoftnet.com consists of a single Active-Directory domain forest. Unisoftnet.com has two domain controllers named UEC1 and UEC2. Both of the domain controllers run Windows Server 2008. The branch office has a Readonly domain controller (RODC) named UEC3. All domain controllers have DNS server role installed and they are configured as Active-Directory-integrated zones. All DNS zones are configured to allow secure updates only. You want to enable dynamic DNS updates on UEC3. What should you do to achieve this task? A. On DC1, create an active partition and configure the partition to store Active Directory-integrated zones B. Uninstall the Active Directory Domain services on UEC3 and reinstall it as a writeable domain controller C. Reconfigure RODC on UEC3 to allow dynamic updates D. Execute dnscmd/ZoneResetType command on UEC3 Answer:B Explanation: To enable the dynamic DNS updates on UEC3, you should uninstall the Active Directory Domain services on UEC3 and reinstall it as a writeable domain controller. A writeable domain controller performs originating updates and outbound replication. Reference: http://msdn.microsoft.com/en-us/library/cc207937.aspx

QUESTION: 12 Unisoftnet.com has a large network that consists of an Active Directory Forest containing a single domain. Windows Server 2008 is installed on all domain controllers. They are configured as DNS servers. Unisoftnet.com has an active directory-integrated zone with two Active Directory sites. Each site contains five domain controllers. You added a new NS record to the zone. You have to make sure that all domain controllers immediately receive the new NS record.

UNiSOFT Education Center

UNiSOFT Education Center 70-640 What should you do to achieve this task?
A. Execute repadmin/syncall from the command prompt B. Reload the zone from the DNS Manager console C. Create an SOA record from the DNS Manager console D. Shutdown and then, restart the DNS server service from services snap-in Answer:A QUESTION: 13 Unisoftnet.com has an Active Directory domain named comm.Unisoftnet.com. The domain contains two domain controllers named UEC1 and UEC2. Both servers have the DNS server role installed. You install a new DNS server named ns.Unisoftnet.com on the perimeter network. You configure UEC1 to forward all unresolved name requests to ns.Unisoftnet.com but you discover that the DNS forward option is unavailable on UEC2. You need to configure DNS forwarding on UEC2 server to forward unresolved name requests to ns.Unisoftnet.com server. Which of the following two actions should you perform to achieve this task? A. Clean the DNS cache on UEC2 B. Configure conditional forwarding on UEC2 C. Delete the Root zone on UEC2 D. Add zone forwarding on UEC2 Answer:B, C QUESTION: 14 Unisoftnet.com has a domain controller that runs Windows Server 2008. It is configured as a DNS server. You need to record all inbound DNS queries to the server. What should you configure in the DNS Manager Console? A. To log errors and warnings, configure event logging B. Disable automatic logs for recursive queries C. Enable automatic testing for recursive queries D. Enable debug logging Answer:D QUESTION: 15 Unisoftnet.com has two Active Directory forests named Unisoftnet.com and Unisoftnet.com. The company network has three DNS servers named UECA, UECB, and UECC. The DNS servers are configured as shown in the Exhibit.

UNiSOFT Education Center

UNiSOFT Education Center 70-640 UEC A UEC B UEC C

UNiSOFT Education Center

-(root) Unisoftnet.com _msdcs.Unisoftnet.com acme.com _mddes.acme.com

-(root) Unisoftnet.com _msdes.Unisoftnet.com

All computers that belong to the Unisoftnet.com domain have UECC configured as the preferred DNS server. All other computers use UECA as the preferred DNS server. Users from the Unisoftnet.com domain are unable to connect to the servers that belong to the Unisoftnet.com domain. You need to ensure users in the Unisoftnet.com domain are able to resolve all Unisoftnet.com queries. What should you do to achieve this task? A. Create a copy of the _msdcs.Unisoftnet.com zone on the UECC server. B. Configure conditional forwarding on UECA and UECB to forward Unisoftnet.com queries to UECC. C. Configure conditional forwarding on UECC to forward Unisoftnet.com queries to UECA. D. Create a copy of the Unisoftnet.com zone on the UECA server and the UECB server. Answer:C QUESTION: 16 A DNS client sends off a recursive inquiry to its local DNS server looking for the IP address of www.bigbrother.gov. The DNS server cannot find any local zones matching the requested domain name; therefore it forwards a request to a root name server. What should the root name server reply with? A. The IP address of the name server for the bigbrother.gov domain B. The DNS name of the .gov top-level domain C. The IP address of www.bigbrother.gov D. The IP address of the name server for the .gov top-level domain Answer:D Explanation: The root name server has control over the root domain and has to reply with the IP address of a name server for the .gov top-level domain. Upon receiving the IP address of the top-level domain the system should inquire for the bigbrother address.

UNiSOFT Education Center

10

UNiSOFT Education Center 70-640

QUESTION: 17 A spammer is trying to send junk mail via an unwary mail server at Unisoftnet.com. The spammer makes use of a fake DNS name from which they assume the mail server will accept the mail, yet the mail is rejected nevertheless. What would cause the mail server to refuse the spammer's mail? A. When the spammer's DNS name not being found in the cache file of the primary DNS server that serves the mail server's domain. B. When a fake DNS name is detected. C. When a mail server employing a reverse lookup zone with the aim of confirming that DNS names are not fake. D. When the spammer does not have an MX record in the database of the DNS server which serves the mail server's domain. Answer:C Explanation: The majority of mail servers are capable of being configured to have incoming mail rejected from servers whose IP addresses cannot be determined with a reverse lookup. QUESTION: 18 You are a network administrator at Unisoftnet.com. Your supervisors assign you to troubleshoot an error whereby a client computer appears to contain outdated DNS data. You use ipconfig to view what DNS servers the client is operating and you've used ping to confirm connectivity to those servers. Which of the following commands should you use? A. ipconfig /cleardns B. nslookup /flushdns C. dns /register D. ipconfig /flushdns Answer:D Explanation: The command ipconfig /flushdns clears up the local DNS cache. QUESTION: 19 A Unisoftnet.com user wishes to have a Windows Server 2008 DNS server configured to answer queries for hosts on his intranet however not on the Internet.

UNiSOFT Education Center

11

UNiSOFT Education Center 70-640

What should you do? A. Installing the DNS server inside his company's firewall B. Configuring his server as a root server and leaving out root hints for the top-level domains C. Leaving forwarding turned off D. Disabling recursive lookups Answer:B, C Explanation: Having the server configured as a root server and leaving forwarding off indicates that the server will either answer a query for known addresses or return a failure for unknown addresses. QUESTION: 20 Which of the following tools can be used to configure DNS server services? A. The DNS administrative tool B. Computer Management C. Network Properties D. Active Directory Users and Computers Answer:A Explanation: The DNS administrative tool is to be used to configure settings for the DNS server service. DNS zone files can be manually edited by making use of a standard text file editor. QUESTION: 21 You are an administrator at Unisoftnet.com. Unisoftnet.com presently makes use of Windows Server 2008 domain controllers. Unisoftnet.com wishes to utilize multiple account lockout policies according to what department people are in. Which of the following should you use? A. Multiple Password policy B. DSA Password policy C. OU Password policy D. Fine-grained Password policy Answer:D Explanation:

UNiSOFT Education Center

12 UNiSOFT Education Center 70-640 Windows Server 2008 boasts a new fine-grained Password policy which permits an organization to have different Password as well as account lockout policies for diverse sets of users in the same domain.

QUESTION: 22 You are a systems administrator at Unisoftnet.com. You prevent users from starting or stopping a particular service on domain controllers. Which of the following tools can you use? A. Active Directory Users And Computers tool B. Domain Controller Security Policy C. Domain Security Policy D. Local System Policy Answer:B Explanation: The settings made in the Domain Controller Security Policy tool are only relevant to domain controllers. QUESTION: 23 Unisoftnet.com has a main office and ten branch offices. Unisoftnet.com has an Active Directory forest that hosts a single domain. Each office has one domain controller and each is configured as an Active Directory site. All sites are connected with the DEFAULTIPSITELINK object. You need to decrease the replication latency between the domain controllers. What should you do to achieve this task? A. Decrease the cost between the connection objects B. Decrease the connection replication interval for all connection objects C. Decrease the replication interval for the DEFAULTIPSITELINK object D. Increase the replication interval for the DEFAULTIPSITELINK object Answer:C

QUESTION: 24 The Unisoftnet.com network consists of a single Active Directory domain. Ten domain controllers are present in the domain. All domain controllers run Windows Server 2008 and are configured as DNS servers. You are instructed to create a new Active Directory-integrated zone. You need to make sure that the new zone is only replicated to four of your domain controllers. What should you do first?

UNiSOFT Education Center

13

UNiSOFT Education Center 70-640

A. execute dnscmd/enlistdirectorypartition from the command prompt B. Configure a delegation in the DomainDnsZones application directory partition C. Configure a new delegation in the ForestDnsZones application directory partition D. Run dnscmd/createdirectorypartition from the command prompt Answer:D QUESTION: 25 Unisoftnet.com has an Active Directory domain called Unisoftnet.com which contains two DNS servers named UECA and UECB. The DNS servers are configured as shown in the Exhibit.

UEC A
_msdes.Unisoftnet.com Unisoftnet.com

UEC B
-(root) _msdcs.Unisoftnet.com Unisoftnet.com

Domain users are unable to connect to Internet websites while using UECB as their preferred DNS server. You need to enable Internet name resolution for all client computers. What should you do to achieve this task? A. Delete the .(root) zone from UECB. Configure conditional forwarding on UECB. B. Update the Cache.dns file on UECB. Configure conditional forwarding on UECA. C. Create a copy of the .(root) zone on UECA. D. Update the list of root hints servers on UECB. Answer:A QUESTION: 26 Unisoftnet.com has an Active Directory forest. All domain controllers run Windows Server 2008 and are configured as DNS servers. You have an Active Directory-integrated zone for Unisoftnet.com. You have a Unix-based DNS server. You need to configure your Windows Server 2008 environment to allow zone transfers of the Unisoftnet.com zone to the Unix-based DNS server. What should you do in the DNS Manager console? A. Create a secondary zone. B. Enable BIND secondaries. C. Disable recursion.

UNiSOFT Education Center

14

UNiSOFT Education Center 70-640

D. Create a stub zone. Answer:B

QUESTION: 27 Unisoftnet.com has multiple remote locations linked to your main office via slow satellite links. You would like to install DNS into these offices for clients to be able to easily locate authoritative DNS servers in the main location. What of the following types of DNS servers should be installed in the remote locations? A. Primary DNS zones B. Secondary DNS zones C. Active Directory Integrated zones D. Stub zones Answer:D Explanation: Stub zones are extremely effective for use in slow WAN connections. These zones only store three types of resource records that being: NS records, glue host (A) records, and SOA records. These three records can be utilized to locate authoritative DNS servers.

QUESTION: 28 Unisoftnet.com has two master servers operating in your environment, a primary master and a secondary master. These DNS servers are responsible for the zone example.com. Whilst the secondary master has the domain transferred, which part of the DNS zone does it use to establish whether or not the zone data has changed? A. The TTL, or time to live B. The NS record C. The serial number D. The database record tombstone Answer:C Explanation: The serial number is utilized by secondary servers to establish whether or not the zone data has changed. This value is routinely updated with Windows Server 2008 DNS server by default. The zone's TTL is used to verify what time to query for an update of the zone file from the master server except if a Notify message has been sent by the master server in the interim.

UNiSOFT Education Center

15

UNiSOFT Education Center 70-640

QUESTION: 29 Unisoftnet.com has been particularly successful with its e-commerce site and due to your customers having come to expect such high levels of reliability; you intend to build several servers that mirror each other in the occurrence of server failure. Your customers will still be receiving excellent service. The web server is named www.example.com, which you are currently replicating on machines on different subnets on which you have completed all the required host records in the DNS. It comes to your attention that only one machine is responding to client requests. You are not the initial administrator for Unisoftnet.com therefore you imagine some of the default settings were changed before you too control. What must be done for your customers to be able to utilize all the mirrored web servers? A. DNS sharing should be enabled. B. IIS sharing should be enabled. C. Round robin should be enabled. D. Request redirector should be enabled. E. The proper priorities metric should be configured for this hostname. Answer:C Explanation: The round robin option permits you to bear a hostname listed with multiple IP addresses and then, as each request enters the DNS server, rotate the list, in succession presenting all of the IP addresses. This will have the load balanced out across all the servers which you have mirrored as well as configured in the DNS. QUESTION: 30 Unisoftnet.com has an Active Directory domain called es.Unisoftnet.com. Unisoftnet.com has a subsidiary company named Woksworks Inc. Woksworks Inc. has an Active Directory domain called intranet.woksworks.com. Since the woksworks Inc. security policy doesn't allow the transfer of internal DNS zone data outside the woksworks network, you have to make sure that Unisoftnet.com users are able to resolve names from intranet.woksworks.com domain. What should you do to achieve this task? A. Set conditional forwarding for the intranet.woksworks.com domain B. Put intranet.woksworks.com in the Active Directory of Unisoftnet.com C. Create a subzone for the intranet.woksworks.com domain D. Reconfigure the intranet.woksworks.com domain as a standard secondary zone E. None of the above Answer:A Explanation:

UNiSOFT Education Center