Pass Your Microsoft 70-640 Exam Easy!

ahmad - answer in dump is correct. When you set Set-ADOrganizationalUnit, you can't delete OU. but you can delete objects inside OU. You need set option using Set-ADObject.

Exam K, Q10 - correct answer is D (the permissions of the Server1 computer account) not A (the permissions of the Group1 group).
http://technet.microsoft.com/en-us/library/cc738653%28v=ws.10%29.aspx

Exam L , Q7 - correct answer is B, D.
Auditpol /resourceSACL can be apply only to Windows 7 and Windows Server 2008 R2.
http://technet.microsoft.com/en-us/library/ff625687%28v=ws.10%29.aspx

@njh- the answer from the dump is correct, when you perform an offline AD, you need to stop the services, thats why they called it "offline mode" not "Start the dc service" wew:(

Hi, i think this is wrong

you need to ensure that the administraotrs of any of the domains can specify a user principal name(UPN)suffix oflitwareninc.com when they create user accounts by using active dirctory users and computers.

which tool should you use

A. Set-ADforest
B. Set-ADDomain
C. Active directory adminstrative center
D. Active directory sites and services

I search for this and yeah, there is a powershell script for adding a suffix but this question i altered, you can create UPN suffixes on Active Directory Domains and Trusts to the forest. why powershell script pointing it to

Server 1 and Server 2 is correct..

Yes Ranrom : The answer is Server 1 & Server to for Exam L , Q7 ,, I'm Sure :)

Exam L , Q7 answer is Server 1 and Server 2

Exam L , Q7: It should be C & D - Can someone please verify !?

@gawad:

You mean same questions as in the dump but in a big scenario.

Alhamdu Lelah, passed today 24 November, the dump is valid in Egypte, the new to the exam is the combination of multiple questions in one big question.
hope you all good.

to perform offline active directory which is the correct answer
a.start dc in directory service mode and run defrag util
b.start dc in directory service mode and run ntdsutil
c.stop dc service in service local mmc and run ntdsutil
d.stop dc service in service loal mmc run defrag
becuase in this dump it is saying c is correct but i think b is the correct answer
please need your help

passed today.valid dump but 20 new questions came..a lot on CA. Understand topics and do not rely on memorizing answers. But 70% valid in Caribbean

Passed today 875/1000. 2-3 tricky questions. This dump is 95% valid in INDIA

None, no labs just exam

I passed 900/1000 yesterday. I'm from VIETNAM.This dump still valid 95%

Hello everbody, I mean it's more likely the 50 questions are the total test questions with chance to appear questions different by random is that?

or the test consists of 438 random questions really

Because study 438 questions is impossible to remember all

hello pigeon, I mean it's more likely the 50 questions are the total test questions with chance to appear questions different by random is that?

or the test consists of 438 random questions really

tks for help

Valid in Australia, study all these questions as a random selection from all the exams appeared. Probably 5 new passed with 850

Hello all, i have a question o need to study to all questions? 438 questions or 50 to pass?

did exam on 20th , most of the questions are from this dump but they changed the answers in my exam. don't memories the questions please understand the scenarios. other wise u will fail.. that is my opinion

thanx for the contributors..

eam g q5
Your network contains an Active directory domain. The domain contains an organization unit(OU) named OU1.OU1 contains all managed service accounts in the domain. You need to prevent the managed service accounts from being delete accidentally from ou1.Which cmdlet should you use?
A. Set-ADObject
B. Set-ADOrganizationalUnit
C. Set-ADServiceAccount
D. Set-ADUser
answer in dump is A i think b is the right answer anyone ?

Passed today with 800 marks, thanks lord and thanks a lot for these valid dumps

I passed to day 925, valid 95%, 5 new questions

@ Thierry no every time they change it but CA Q almost the same .

they keep changing the Q's her in UAE

I Passed the exam scoring 925 marks on 19th Nov 2012. 100% valid in india.three new questions but were answerable ones.

I passed today with a score of 925, dump is vaild 100% except for two new questions , in israel

passed yesterday , this dump is valid :)

JUst scheduled the exam just one question about the exam are there any simulations / Labs in appearing in the exam.?????

@rotims thank you

@olu sure its valid in Nigeria @mk check your inbox...cheers

passed today 825..valid in Nigeria

valid in Israel, passed 850/1000, only 1 new question with an exibit about GPO.
the question with the exibit where you need to enable power management and you need to chose the "control panel" - it changed to enable wireless, the answer is the same.

@yahia In your 3 attempts were the questions the same or was there any changes?

pass today 875/1000. need to read and understand the dump. Thanks to everyone for sharing

@rotims kondwa14@yahoo.com

@MK whats your email address

Open it with VCE

97-99% valid! I've read all from this dump, and the exam only showed 3 'unexpected' questions. (Maybe i forgot on a few questions)
Anyway, I'm from malaysia and just passed on this morning. 825/1000

not valid azerbaijan.2-3 questions this dump 17 11 2012.fail

Very Valid in Canada. Passed Today with 850. Thumbs Up !!

Faild the third time first time i score 424 second score 678 third score 626 WTF

the dunp is not very valid in UAE .

ill do the forth Test ASAP never give up .

Valid in India. Passed today : 850.

I got 850 , the dump is valid , all the exam questions came from the dump, but I forgot some answers that's why I got 850

Hello All,

I passed and got 925, all the questions came from this dumps. Be carefull for the questions and their answers coming in different arraies in the exam.

Passed today 950
Tnk you Anony
And to passe the Exam its recommanded to understand

be aware this dump in egypt is available but most of questions are wrong answer , i took the exam today , and the questions are available but most answers wrong from the dump , but all questions are available ,the dump owner try to handle alot of wrong answers in this dump

Passed today! 725/1000
dump valid study understanding the issues.

Thank`s all

Passed yesterday 13 Nov. 900/1000. Only 2 question different than the ones in this dump. Thanks to all

if you fail the exam the first time do they change the exam the second time around.

Passed yesterday 12 Nov. in Belgium with 850/1000. Only 1 question different than the ones in this dump. Thanks to all contributors.

Passed on Sat. with 700. 10-12 new questions. Dump still valid. Thanks to everyone who contributed.

Failed today 678/1000 .. dump is valid but I forget many questions..

Passed Today 932.

7-9 new questions

ADMX and ADML for french Language
Dns zone transfer security - there was no DNSSEC option for primary and secondary zone.
Cerificate Auth- smartcard auth - employee left the company what you do to disable the access - options were revoke certificate, reset passord or diable account.

Thanks to everyone and Good luck

Dear all
Thanks for all your valuable comments.. I have passed the exam today with 823 marks.. 12 questions was from outside.. Prepare all the questions you will win.. Valid in uae

Passed yesterday morning with an 850 out of 1000. Still valid in the midwest US. All questions were from this dump. Two of them had changed answers, but if you study this dump fully, you will pass. However, please remember that Microsoft knows these dumps exist and even warns you that they may reject your certification if they think you've used a dump to study. So, for Christ's sake, read the questions and try to look like it's the first time you're seeing them before answering. At least where I took the test, I was being recorded. Use your sheets, calculate answers and take your time. I could have been out of there in 20 minutes, but how would that have looked. I took the full two hours.

i took the exam yesterday and i pass the exam 876 this dummy is good but there are 3 questions are duplicated questions with different answer and the following is one of them : You need to ensure that DC1 and DC4 are the only server that replicate AD changes between the sites. What should you do ?

A. Configure Dc1 as a preferred Bridgehead server for IP transport.
B. Configure Dc4 as a preferred Bridgehead server for IP transport.
C. From DC4 Server object, create a connection object for Dc1
D. From Dc1 Server object, create a connection object for Dc4

You need to ensure that DC1 and DC4 are the only server that replicate AD changes between the sites. What should you do ?

A. Configure Dc1 as a preferred Bridgehead server for IP transport.
B. Configure Dc4 as a preferred Bridgehead server for IP transport.
C. From DC4 Server object, create a connection object for Dc1
D. From Dc1 Server object, create a connection object for Dc4

Which is True. answer in this dump g section answer A and F section answer B. Some other dumps answer C.

Thank God to the Almighty God passed to day with 841

@Hamid Mahmood I had about 15 new questions and i didn't prepare well. I just failed by a question or two. I tried to jam too much in at once and probably made careless mistakes on some questions.

Dump Still Valid - Scored 900 - 10/50 new Questions.

Problem solved. All the vce files are opening fine in Windows 7 operating system. I am using windows vista and visual cert exam software has some compatability issues with windows vista and other versions of windows.

Not a valid dump! Study Hard!!!! hahahahaha :) just kidding..


Kidding aside: Dump was still valid study this dump q468 and dump q223. Understand it and don't memorize it. Got 2 new questions

I thank God that I passed. Good luck guys and thanks for sharing! :D

Passed today with 823 marks.only 7 new questions.Thnx for the share.

passed 1000 valid in sa.

Hi anyone seen tried using examworx? they have just 91 questions and they said its guaranteed. I really find this 468 questions alot to study considering the fact that i work aswell. Any idea and Examworx?

Valid here in Philippines. Just passed today! Thanks for all the shares! ;-)

Thanks To Allah Passed Yesterday with 823. This dump still valid with 95%.

thankxxx to this dump score 894

Pass on 6 Nov with 800 marks

Passed today with 770 score but dump is 70% valid because i got 12 to 15 new question. I think no need to worry about it just need to attempt them with fully concentration. Thanks

passed today 7 new Q

Sorry I meant to ask if the test is from the same bank of question.

I failed the test last week. When I go to retake the test is it a bank of question?

passed today with 941, only 1 new Q , 49 Q from NowAnonymous.223q.vce or you can study this dump from F section onwards, not a single Q from A-E section.
but you can study all the dump to be suree. gd luck for all.

The dump is valid but you need to practice the questions and answers with understanding, passed on 3.11.2012 with 876

@Chris, we have the same issue, just download the latest version of Visual Certexam, this would probably ah cryptogrphic issue on the formats, just download 3.0 or later :) cheers

For those of you who recently took the test, I just found 62 questions on this site below. Do you mind having a look and sharing if these questions show up on your exam?

http://studydroid.com/printerFriendlyViewPack.php?packId=135587

Passed with 770 in Serbia. Study this dump well and you will not have problems. 95% valid. Good luck to all.

Hi Mauritius, which dump you used?

Passed TODAY 876..90 %VALID.
Do not just memorise.understd the question.answers re-arrange in exam.
GOOG LUCK.

pass with 841 marks. 100% valid...Thanks for posting this

Valid dump passed today more than 900. Study hard make sure you understand the questions and the answers. Thanks

passed today 858 almost all q from dump
very god dump to pass,and lern from.
isreal 2/11/2012
thanks alot

Passed today Oct 31, 2012 - with an 858 score.

All questions were from this dump. Several simulator questions so make sure you study the small sections toward the end of this dump - thats where the sims are. You will note they are the questions with graphics. They aren't complex sims at all - just drag drop and click on an area of the screen to highlight a site or a choice.

Some of the questions on this dump are wrong so just remember you only run ad forest prep once - when you install the first 2008 dc into a 2003 forest. You only run ad dom prep once per dom - when you install the first 2008 dc into a 2003 dom. And you only run RODC prep once per dom - when you install the first RODC for that dom. These questions have you running rodc prep when a dom already has 4 dc's in it on 2k8. That's absolutely wrong. If you're installing the first 2k8 server into a forest then you don't need to run dom prep or ad prep because the 2k8 ad already has the schema expanded to support it. You only run dom prep and ad prep if you're adding 2k8 dc's to a 2k3 forest/dom for the first time. (you also did this for adding 2k3 servers to 2k forests and you will be doing it when you add 2k12 servers to a 2k8 forest/dom for the first time.)

Dump's valid here, scored 800+
Thanks to all the contributors of this.
Cheers

Your company has an Active Directory domain named ad.contoso.com. The domain has two domain controllers named DC1 and DC2. Both domain controllers have the DNS Server server role installed.
You install a new DNS server named DNS1.contoso.com on the perimeter network. You configure DC1 to forward all unresolved name requests to DNS1.contoso.com.

You discover that the DNS forwarding option is unavailable on DC2. You need to configure DNS forwarding on the DC2 server to point to the DNS1.contoso.com server. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Clear the DNS cache on DC2.
B. Delete the Root zone on DC2.
C. Configure conditional forwarding on DC2.
D. Configure the Listen On address on DC2.

Answer in the dump: B, C

Why conditional forwarding? It used to forward queries for particular domain name. You should configure Forwarding to DNS1, but there isn't so answer. Probably A is the second action. Any ideas?

Passed today with 894 this dump still valid %100 الحمد لله

Which dump is still valid some guys says FixedAnswers but some guys says nowanon I m preparing so Can any one tell me which dump is 100% valid I m confusing to select FixedAnsers dump or nowanon dump.

any one who face the problem on opening the dump leave your address, I will instruct

All,

These dumps are 70 %VALID because there are some new questions some answers are wrong in the dumps. So please find out the correct answer if you want to pass. I have passed today.

Don't memorise the answers, try to understand the scenario/theory.

Good Luck!

ask in the forum of
Microsoft.Pass4Sure.70-640.v2012-10-24.by.NowAnonymous.223q.vce
there are some sharing company keys or something else

Thierry, badri ::: Download the new Version: 3.0.1
http://www.avanset.com/products/visual-certexam-suite.html

@NowAnonymous I wrote the exam on 4th October but i got 615. is this dump still valid for someone going for the second attempt like me? Help me out please.

Thanks.

@ Venomous

you have nailed it!

Oh btw.Just take note that the answer position changes for some question which made me confuse a little during the exam.lol. and big thanks to anonymous for uploading this good dump.

Passed today with 752 score. This dump is still valid in Malaysia and there are around 4 to 5 new questions. My advice is study all the 468 questions in this dump. I noticed some of the questions still comes from Exam A-E. Good luck everyone :)

@sender

Regarding D/Q28:

We have the option here to lower the domain functional level to Windows Server 2008, using Set-ADDomainMode, because the forest functional level is lower.

===================================
Reference:
http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels.aspx
===================================
After you set the domain functional level to a certain value in Windows Server 2008 R2, you cannot roll back or lower the domain functional level, with one exception : when you raise the domain functional level to Windows Server 2008 R2 and if the forest functional level is Windows Server 2008 or lower, you have the option of rolling the domain functional level back to Windows Server 2008. You can lower the domain functional level only from Windows Server 2008 R2 to Windows Server 2008. If the domain functional level is set to Windows Server 2008 R2, it cannot be rolled back, for example, to Windows Server 2003.

hi,

Can someone please confirm the answer for the following question:

Your network contains an Active Directory domain named contoso.com. All domain controllers run
Windows Server 2008 R2. The functional level of the domain is Windows Server 2008 R2. The functional
level of the forest is Windows Server 2008.

You have a member server named Server1 that runs Windows Server 2008.
You need to ensure that you can add Server1 to contoso.com as a domain controller.

What should you run before you promote Server1?

A. dcpromo.exe /CreateDCAccount
B. dcpromo.exe /ReplicaOrNewDomain:replica
C. Set-ADDomainMode -Identity contoso.com -DomainMode Windows2008Domain
D. Set-ADForestMode -Identity contoso.com -ForestMode Windows2008R2Forest

Option C: Domain functional level is R2 already so can't lower it down to Windows 2008
Option D: You can't raise the forest functional level to R2 as Server 2008 is not supported.

any other ideas please?

passed exam (788) with this dump, few questions were new. But if You prepare this dump good, You'll surely pass.

Yes, .223q are already included in the vce 70-640 v2012-08-30 by Nowanon 468q. Find this vce in the list, when you click on Home > Microsoft > 70-640 on the top of this site.
and Nowanon 468q is a later version from this fixedanswer.vce. some answers has been corrected - based on posts in this forum.

@LadySV650S. Please can you confirm if you have used the above dump i.e Microsoft.Pass4Sures.70-640.v2012-08-19.by.FixedAnswers.468q.vce?

dump is valid. Passed 700 today United States

hi thanks for the reply,

So 2012-10-24 by NowAnonymous 223q are already included in 70-640 v2012-08-30 by Nowanon 468q? also where do I download 70-640 v2012-08-30 by Nowanon 468q from ?

Thanks.

-70-640 v2012-08-30 by Nowanon 468q- is up to date
and -v2012-10-24 by NowAnonymous 223q- contains the newest parts from the file above, those are asked more frequently

what do you mean with changed? old q reworded, more answer options, totally new scope/never seen questions?

anyone who remembers some of the new q - at least partially? thanking you in anticipation

passed today, more than half questions have changed.

Passed today!!!
Some of the questions were changed but mos of it is still valid
Good luck!!

today i did the exam ,,,927/1000. and only use 2012-10-24.by.NowAnonymous.223q.vce dump is 100% valid.
not wanted this all of parts 486. some of parts are expires.

Many new questions and i failed because of that and not preparing long enough. Live and learn. i'm in Canada.

I have passed it this morning, i have scored 894. This dump is still valid in Algeciras ( Spain ) ;)

@waqas awan .check your mail.the old VCE opens with older versions
@whiteboi @Laur.Thaaanks for the vce file!!!!
@TX .sorry don't have that but sure someone will give it soon.

ohh @ MX thank you.
@ Laur & @ MX
but i already pass 70-640 exam .all i need to open (70-642 & 70-646) dumps files.when i use Visual CertExam Suite version 1.9 or version 2.8 it's report me thats these (dumps was created wilth old version of Visual CertExam Suite .try to install new version of Visual CertExam Suite) (which is version 3.1) my email anm015@yahoo.com.so please help me.thanks

@TX .check your mail.the old VCE opens with older versions
@whiteboi @Laur.Thaaanks for the vce file!!!!

@major.H
u can download the VCE on the right side of your screen but to see all the question, you will need to buy a licence for it. Otherwise, Mtaa Vipi?

@lumia_b There are 50 questions and no lab simulations. The questions were from this dump only - at least for me. Just 3 questions were a bit modified. I managed to pass with 911 point from 1000.

hello friends.
I have some doubts please give your valuable comments please.
how many questions will it come for this exam 70-640.
are there any lab simulations for this exam. i'm going to do this in 3rd nov. please help me. :D :D

Passed today with a score of 805. My friend passed with 876. 1 new question. Dump valid in Manila, Phillipines. Thanks for this dump!

Got it!! Thanks a bunch Laur!!

@Rene You are right, I didn't think of that.
@Whiteboi, @quarantine Check your email!

@ Laur can you help me out. I can open the file. My email is vince.white41@gmail.com. Thanks as I am looking to give exam this week.

Pass Today the Dump Still Valid In Egypt 100%

@ Laur

The site admins don't change the dumps.

The dumps are published in the version of the uploader.

It's the uploaders choice which VCE version he uses.

Maybe the uploader can post which version he used once the upload has been published.

Hi everyone
I have 70-640 exam next week and wanted to check my knowlage with these dumps. Can anyone with the lates version of VCE email me one so that I can study this dumps. I can't open this file with the older version.
My email is: xsarius@wp.pl
Thanks for any help:)

It seems that site admins changed the vce file format to a newer one supported only by newer versions of VCE. The file that I downloaded a few weeks ago is smaller that the file is now on download. I sent to 4 email adresses the old version of the file, so you can open the old version and a .xps file for read&print.

@Laur from Romania my email add is jmoyo30@gmail.com . pls send me the vce program that opens this test

Passed today 700 / 1000, this dump is valid. but to pass you have to understand the material. pay more attention on the following:
- Certificates.
- GPO's
- cmd commands (very important)

Now to the next exam (70-642)

Best Luck to all.

pass last week!! this is valid in israel.
studied all Q for one time, but if you want to be sure, go ahead and do it 3 times.

try to understand the answer , good luck :)

@Dave The answer is good. "To perform an offline domain join using physical computers, you can complete the following steps. The best practice in this case is to have one domain controller, one domain-joined computer to use as a provisioning server, and one client computer that you want to join to the domain."
http://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step%28v=ws.10%29.aspx#BKMK_ODJSteps

This dump is super valid in Palestine, I passed yesterday with 964, about 6 question out of the dump. STUDY HARD and its will be easy

Exam I, Q8.

How can running djoin.exe/provision on a file server and not the DC be the right answer??

Got to be the wrong answer.

@HH, look at the right side of this page at top, you will see "how to open VCE file"
you will find the latest version of Visual CertExam. you will have to purchase it for about $ 24.00 to use it. wish you best luck.

Same here.

Can someone help me to open this file?
I want to prepare for my exam.

Thanks in advance

Passed today with 911. Thanks you very much. Thanks for this dump.

@Rade
Congratulations! Good luck in your career!

Passed today with 929 in Serbia.This dump is valid 100%. Thank you very much everyone, special thanks to Venomous. Good luck!

Hi
I was using this fine with my VCE version 987 since last week but now I cant use it, it says the file is out of date. Can anyone help.

Thanks tony

Congratulations Hunter_9!

I'll have this test tomorrow in Jordan, I'm highly depending on this dump,.

Thanks to ALLAH, I just passed the test today.

This dump is valid 100%

@Rade
Regarding K/Q42 (445 of 468)

"Your network contains an Active Directory domain named litwareinc.com. The domain contains two sites named Sitel and Site2. Site2 contains a read-only domain controller (RODC).

You need to identify which user accounts attempted to authenticate to the RODC.

Which tool should you use?

A - Active Directory Users and Computers
B - Ntdsutil
C - Get-ADAccountResultantPasswordReplicationPolicy
D - Adtest"

According to the dump it's C, but I'd go for A.

Ntdsutil cannot be used for this.
http://technet.microsoft.com/en-us/library/cc753343.aspx

Get-ADAccountResultantPasswordReplicationPolicy is used to get the members of the allowed list or denied list of a read-only domain controller's password replication policy. Get-ADDomainControllerPasswordReplicationPolicyUsage could be used, but is not listed.
http://technet.microsoft.com/en-us/library/ee617207.aspx

Adtest is used for perfomance testing.

==========================================
Reference 1:
http://technet.microsoft.com/en-us/library/cc755310.aspx
==========================================
"Review whose accounts have been authenticated to an RODC
Periodically, you should review whose accounts have been authenticated to an RODC. (.)
You can use Active Directory Users and Computers or repadmin /prp to review whose accounts have been authenticated to an RODC."

=========================================
Reference 2:
http://technet.microsoft.com/en-us/library/83a6daba-cdde-4606-97a3-6ebb9d7fa6bf(v=ws.10)#BKMK_Auth2
=========================================
Gives a step by step explanation on using Active Directory Users and Computers.

Passed today in UK. Score 717. Just 3 or 4 new questions. Don't learn every work because the questions are slightly different then here. Try to understand why is that answer. So still valid 90%. Thank you all for your effort.

@Venomous

What you say about this question:
http://i.imgur.com/DP6am.png

@Venomous
I think you are right, Thank you very much

@ previous comment
the 4th choose was "using active directory administrative center "

passes with score 876
first special thanks to venom i got only 2 new questions from the dumb
i only remember 1

u need to enable universal cashing on all domain controllers by using one of the following
1- powershell
2-ntdsuti
3-dnscmd
4- cant remember

thanks to all and god bliss u venom

Valid in Spain. 95%, passed! Thanks!

(Using a proxy, got message: "You already have posted five comments. Please try to post another later.")

@nedal
Thanks for your contribution. These discussions makes the VCE get better.

Ok, the way I interpret answer D, "the permissions of the Server1 computer account", is that the permissions of the *Server1 account itself* would need to be modified. But aren't you modifying the permissions of Group1 when you grant them the Allowed To Authenticate permission on Server1?

By telling Server1 that Group1 gets the 'Allowed To Authenticate' permission we're not giving the *Server1 computer account* extra permissions, I think.

Reference:
http://technet.microsoft.com/en-us/library/cc816733.aspx

"For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, ** each user must be explicitly granted the Allowed to Authenticate permission ** on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest."

Group1 would be given permission *on* Server1, we're not giving permission *to* Server1. At least, that's how I see it.

@Venomous and Rade
Regarding K/Q10 (413 of 468) I think the correct answer is D, you must explicitly give authentication to computer object.
(Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to computer objects (resource computers) that reside in the trusting forest. To explicitly give authentication permissions to computer objects in the trusting forest to certain users)
refer to http://technet.microsoft.com/en-us/library/cc758152%28v=ws.10%29.aspx

@Rade
Regarding K/Q10 (413 of 468)

"Your network contains two Active Directory forests named contoso.com and fabrikam.com. Each forest contains a single domain.

A two-way forest trust exists between the forests. Selective authentication is enabled on the trust.

Contoso.com contains a group named Group 1.
Fabrikam.com contains a server named Server1.

You need to ensure that users in Group1 can access resources on Server1.

What should you modify?

A - the permissions of the Group1 group
B - the UPN suffixes of the contoso.com forest
C - the UPN suffixes of the fabrikam.com forest
D - the permissions of the Server1 computer account"

Well, Group1 must get the 'Allowed To Authenticate' permission on Server1, so I'd go for A, as given.
Answer D may sound tempting, but it speaks of permissions *of the Server1 computer account*. Quite a difference! So A it must be.

===================================================
Reference:
MS Press - Self-Paced Training Kit (Exam 70-640) (2nd Ed., July 2012)
page 643-644
===================================================
"After you have selected Selective Authentication for the trust, no trusted users will be able to access resources in the trusting domain, even if those users have been given permissions. The users must also be assigned the Allowed To Authenticate permission on the computer object in the domain.

1. Open the Active Directory Users And Computers snap-in and make sure that Advanced Features is selected on the View menu.

2. Open the properties of the computer to which trusted users should be allowed to authenticate—that is, the computer that trusted users will log on to or that contains resources to which trusted users have been given permissions.

3. On the Security tab, add the trusted users or a group that contains them and select the Allow check box for the Allowed To Authenticate permission."

A corporate network includes a single Active Directory Domain Services (AD DS) domain. All regular user
accounts reside in an organizational unit (OU) named Employees. All administrator accounts reside in an
OU named Admins.
You need to ensure that any time an administrator modifies an employee's name in AD DS, the change is
audited.
What should you do first?
A. Enable the Audit directory service access setting in the Default Domain Controllers Policy Group
Policy Object.
B. Create a Group Policy Object with the Audit directory service access setting enabled and link it to the
Employees OU.
C. Enable the Audit directory service access setting in the Default Domain Policy Group Policy Object.
D. Modify the searchFlags property for the User class in the schema.
Answer: C

why answer is not A, pls refer to http://support.microsoft.com/kb/232714

@Venomous

Great post!Thank you Venomous!

@Rade
Following my long post below, the more I think about it, the more I lean towards repadmin.

This link shows how to use the repadmin command to show who is on the allowed list on an RODC:
http://blogs.technet.com/b/askds/archive/2008/01/18/understanding-read-only-domain-controller-authentication.aspx

That's what is asked in the question!

Check here for some info on the repadmin /view command:
http://technet.microsoft.com/en-us/library/cc835090.aspx#BKMK_View

I think the Get-ADDomainControllerPasswordReplicationPolicyUsage command using the RevealedAccounts parameter equals to repadmin using the "reveal" parameter, producing a list of security principals whose passwords *have ever been replicated* to the RODC. But that's not what was asked in the question.

Sorry for all the text, I'm off watching a movie and call it a day!

@Rade

Regarding K/Q20 (423 of 468):

"Your network contains an Active Directory domain. The domain contains five sites. One of the sites contains a read-only domain controller (RODC) named RODC1.

You need to identify which user accounts can have their password cached on RODC1.

Which tool should you use?

A - Repadmin
B - Dcdiag
C - Get-ADDomainControllerPasswordReplicationPolicyUsage
D - Adtest"

This one is tricky. Don't forget, I'm learning for this exam too! :)

Both repadmin and Get-ADDomainControllerPasswordReplicationPolicyUsage seem to work:

========
Repadmin
========
Reference:
http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy

"repadmin /prp
You can use this command to view or modify the PRP for an RODC."

repadmin /prp view rodc1.xyz.com allow

This will display a list of security principals for which the RODC with the host name "rodc1" in the domain xyz.com can cache passwords.

Sounds good!

====================================================
Get-ADDomainControllerPasswordReplicationPolicyUsage
====================================================
Reference:
http://technet.microsoft.com/en-us/library/ee617194.aspx

"Get-ADDomainControllerPasswordReplicationPolicyUsage
Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller."

"To get the accounts that have passwords stored on the RODC, use the RevealedAccounts parameter."

Sounds good too!

Maybe this one is to list the accounts that actually *have been* authenticated by an RODC, hence the "Usage" at the end, instead of *can be* authenticated? I don't know.
----------------

If anybody knows the definitive answer, please speak up! :)

@ rashid

did they add any more answers option in one questions ?
plz answer

100% valid in pakistan.

@Venomous Thank you Venomous! What you think about this question?What is correct?

http://i.imgur.com/EOsiF.png

@Rade
Regarding J/Q25 (391 of 468):

"Your network contains an Active Directory domain named contoso.com. Contoso.com contains two domain controllers named DC1 and DC2. DC1 and DC2 are configured as DNS servers and host the Active Directory-integrated zone for contoso.com.

From DNS Manager on DC1, you enable scavenging for the contoso.com zone.

You discover stale DNS records in the zone.

You need to ensure that the stale DNS records are deleted from contoso.com.

What should you do?

A - From DNS Manager, enable scavenging on DC1.
B - From DNS Manager, reload the zone.
C - Run dnscmd.exe and specify the ageallrecords parameter.
D - Run dnscmd.exe and specify the startscavenging parameter."

According to Technet the answer should be A. Scavenging has been enabled for the zone, but it also needs te be enabled on the server.

Reference:
======================================================
Understanding Aging and Scavenging
http://technet.microsoft.com/en-us/library/cc771677.aspx
======================================================

"Prerequisites for aging and scavenging

Before you can use the aging and scavenging features of DNS, several conditions must be met:
- Scavenging and aging must be enabled, both at the DNS server and on the zone."

@Venomous

Thank you! I now have this question:

Your network contains two Active Directory forests named contoso.com and fabrikam.com. Each forest contains a single domain.

A two-way forest trust exists between the forests. Selective authentication is enabled on the trust.

Contoso.com contains a group named Group 1.

Fabrikam.com contains a server named Server1.

You need to ensure that users in Group1 can access resources on Server1.

What should you modify?

A.
the permissions of the Group1 group

B.
the UPN suffixes of the contoso.com forest

C.
the UPN suffixes of the fabrikam.com forest

D.
the permissions of the Server1 computer account

What is correct?

@Rade

According to Technet the "Auditpol /resourceSACL" command applies only to Windows 7 and Windows Server 2008 R2 (and I suppose Windows 8 and Windows Server 2012), so the answer should be Computer2 and Server2

Reference:
http://technet.microsoft.com/en-us/library/ff625687.aspx

One more question:

http://i.imgur.com/7rSyJ.png

In this dump answer is B&D, in others dump answer is C&D. What is correct? Thank you.

Question:
Your network contains an Active Directory domain named contoso.com. Contoso.com contains two domain
controllers named DC1 and DC2. DC1 and DC2 are configured as DNS servers and host the Active
Directory-integrated zone for contoso.com.
From DNS Manager on DC1, you enable scavenging for the contoso.com zone.
You discover stale DNS records in the zone.
You need to ensure that the stale DNS records are deleted from contoso.com.
What should you do?
A. From DNS Manager, enable scavenging on DC1.
B. From DNS Manager, reload the zone.
C. Run dnscmd.exe and specify the ageallrecords parameter.
D. Run dnscmd.exe and specify the startscavenging parameter.

In this dump answer is D, but in others dump answer is A.What is correct?

Hello Guys ,
I want to know are the questions comes in the exam as the same syntax i.e. using contoso.com , temper work and I want to know whether the solution comes in the same order or not !
thx 4 the help

@
asd

did they add more answers options to a questions or same like the vce file ?

I passed today the exam 700/1000 in the Bay Area, California
90% of the questions were from this vce file.
Study the question well and don't schedule the exam until you are 100% sure that you understand each question. Use google for every question you don't understand. Don't skip the ones you don't understand or guessed correctly. Trust me you won't memorize the question unless you understand it.
Know what ntdsutil, repadmin, dnsutil, dnscmd, ds, dsamain commands do.
Know the difference between master roles. There are a lot of questions about DNS and Certificates.
Most question on the actual exam will differ from this vce file but have the same meaning.
Go to the testing center earlier, they will assign you to exam right away regardless what your scheduled time is.
Good Luck!!!

@Rade

F/Q18
"Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site 1 contains five domain controllers. Site2 contains one read-only domain controller (RODC). Site1 and Site2 connect to each other by using a slow WAN link.

You discover that the cached password for a user named User1 is compromised on the RODC.

On a domain controller in Site1, you change the password for User1.

You need to replicate the new password for User1 to the RODC immediately. The solution must not replicate other objects to the RODC. Which tool should you use?"

A - Active Directory Sites and Services
B - Active Directory Users and Computers
C - Repadmin
D - Replmon"

Most dumps tell you that the correct answer for this question A ("Active Directory Sites and Services"), but I think the answer should be C ("Repadmin").

Reference:
http://technet.microsoft.com/en-us/library/cc742095(v=ws.10).aspx

Repadmin /rodcpwdrepl
"Triggers replication of passwords for the specified users from a writable Windows Server 2008 source domain controller to one or more read-only domain controllers (RODCs)."

"Example:
The following example triggers replication of the passwords for the user account named JaneOh from the source domain controller named source-dc01 to all RODCs that have the name prefix dest-rodc:

repadmin /rodcpwdrepl dest-rodc* source-dc01 cn=JaneOh,ou=execs,dc=contoso,dc=com"

this dump is 100% valid. i passed today with 700 score. not bad. still valid in manila. thank u to all who contributed in this dump!!!!

This dump is 100% valid.
Passed today 778.
All questions from this dump
Only difference was there are a lot more options on the possible answers.
So study the questions as well as the answers from this dump and u should be fine
Thanks to the gang who into the questions in to the dump

Cleared 70-640. 100% valid dump. Thanks.

@ Rade : C is the correct answer (On a global catalog server, run repadmin.exe and specify the KCC parameter) coz u can select what u need to replicate using this command thus decreasing the file size.

One more question:

Your network contains an Active Directory domain. The domain contains two sites named Site1
and Site2. Site 1 contains five domain controllers. Site2 contains one read-only domain controller
(RODC). Site1 and Site2 connect to each other by using a slow WAN link.
You discover that the cached password for a user named User1 is compromised on the RODC.
On a domain controller in Site1, you change the password for User1.
You need to replicate the new password for User1 to the RODC immediately. The solution must
not replicate other objects to the RODC. Which tool should you use?
A. Active Directory Sites and Services
B. Active Directory Users and Computers
C. Repadmin
D. Replmon

what is correct answer?

Your network contains an Active Directory domain. All domain controller run Windows Server 2003.
You replace all domain controllers with domain controllers that run Windows Server 2008 R2.
You raise the functional level of the domain to Windows Server 2008 R2.
You need to minimize the amount of SYSVOL replication traffic on the network.
What should you do?
A. Raise the functional level of the forest to Windows Server 2008 R2.
B. Modify the path of the SYSVOL folder on all of the domain controllers.
C. On a global catalog server, run repadmin.exe and specify the KCC parameter.
D. On the domain controller that holds the primary domain controller (PDC) emulator FSMO role, run dfsrmig.
exe.

Please, can you tell me correct answer?In this dump answer is C, but in other dumps answer is D?I'm confused.

Passed today with 750 :) Thanks a lot for this dump. Still valid in Moscow, just 1 or 2 new questuions. Lots of questions from H-L exams!

@Ahmad
All Server 2008 tests retire July 31 / 2013. You still have enough time to finish all your tests. If you're done with your MCITP you can take one upgrade test and you will be certified for Server 2012.

http://www.microsoft.com/learning/en/us/exam.aspx?id=70-647&locale=en-us

Guys will the exam totally change at 2013 ? like i want to take 640-642-643-647

if i take 640 and 642 and pass, after 2013 there would be no 643 or 647 to continue my exams and get my mcse complete certificate ??? please help

@ laur
thanks alot

@Tamer . The answer in not C. The question said the shared folders already exists and could be more then 1 ("The file servers contain confidential data in shared folders"). The C answer says "On the three file servers, create a share on the root of each hard disk". So you're denying access to this new created folder.
The dump has correct anwer because it denies acces to those servers.

Passed today with 800 this dump is awesome.Must of the questions are between H-L but need to study everything. Thanks so much.

Very valid dump! Only 1 new question! Passed yesterday with 929. Thanks Examcollection :)

Your company has a single Active Directory forest with a single domain. Consultants in different departments of the company require access to different network resources. The consultants belong to a global group named TempWorkers. Three file servers are placed in a new

organizational unit named SecureServers. The file servers contain confidential data in shared folders. You need to prevent the consultants from accessing the confidential data.

What should you do?

A-Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

B-Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group

C-On the three file servers, create a share on the root of each hard disk. Configure the Deny Full control permission for the TempWorkers global group on the share

D-Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.

E-Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group.

i think it should be c! ,please help

@Rade
Apologies
I think the answer for 'The corporate network of Company consists of a Windows Server 2008 single Active Directory domain. The
domain has two servers.question is ADF

@Rade

according to me both the answers are correct.

@Agent10

Q is:

Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses
an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA.
The Enterprise Intermediate CA certificate expires.
You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain.
What should you do?
A. Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
B. Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
C. Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group
policy object.
D. Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.

The corporate network of Company consists of a Windows Server 2008 single Active Directory domain. The
domain has two servers named Company 1 and Company 2. To ensure central monitoring of events you
decided to collect all the events on one server, Company 1. To collect events from Company 2. and transfer
them to Company 1, you configured the required event subscriptions. You selected the Normal option for the
Event delivery optimization setting by using the HTTP protocol. However, you discovered that none of the
subscriptions work. Which of the following actions would you perform to configure the event collection and event
forwarding on the two servers? (Select three. Each answer is a part of the complete solution).
A. Through Run window execute the winrm quickconfig command on Company 2.
B. Through Run window execute the wecutil qc command on Company 2.
C. Add the Company 1 account to the Administrators groupon Company 2.
D. Through Run window execute the winrm quickconfig command on Company 1.
E. Add the Company 2 account to the Administrators group on Company 1.
F. Through Run window execute the wecutil qc command on Company 1.

ACF answer!?Is this correct?

@Rade
Please type in the question?

Can someone confirm that the answer to Q34 Exam B is B?

I've passed today 18 Oct 2012 with the score of 894/1000.This dump still valid 95% in Vietnam.About 3 new questions in the real exam.Good luck to all !

@ Worm
Mate the answer is correct i.e. to use dcpromo/adv if u would like to reduce the size of replication.
Using NTDSUTIL is not the recommended procedure coz u need to have IFM n all.

I have passed yesterday. It is 90% Valid. Try to concentrate on DNS part.

I test it tomorrow. (^_^)

I have passed.It is 100% valid. I Scored 717 today

Guys will the exam totally change at 2013 ? like i want to take 640-642-643-647

if i take 640 and 642 and pass, after 2013 there would be no 643 or 647 to continue my exams and get my mcse complete certificate ??? please help

end of august nowanonymus posted here that he uploaded a new one with corrected answers -> .v2012-08-30.by.Nowanon.468q
there are still some wrong answers in both, but there should be more wrong in the older fixedanswers.
So please tell us which answers are in the newer version, named nowanon, wrong and in the previous version, named fixedanswers, right.

Just sat for the exam yesterday in Malaysia. About 7 new questions and about 10 more questions (they twisted the question structure) and for 1 question(no appropriate answer - so i chose the best one) - Results 846(passed). You can fully rely on FIXED ANSWERS dumb and not newanon(lots of wrong answers). Dont just memorise - Understand it, and google up all terms that you are not familiar with.

PASSED EXAM TODAY, THIS DUMP IS STILL VALID IN PAKISTAN, BUT STUDY HARD AND MEMORIZE THE WHOLE QUESTION NOT EVEN ONE OPTION.
THANKS APLOADERS.
REGARDS

Passed today for 70-648 Learned this exam. I believe all the questions were in this fixed answers.
Tnx from Holland

I think that Exam G, Question 6 has its answer incorrect.

Your network contains an Active Directory domain named contoso.com. Contoso.com contains a writable domain controller named DC1 and a read-only domain controller (RODC) named DC2. All domain controllers run Windows Server 2008 R2. You need to install a new writable domain controller named DC3 in a remote site. The solution must minimize the amount of replication traffic that occurs during the installation of Active Directory Domain Services (AD DS) on DC3. What should you do first?

A) Run dcpromo.exe /createdcaccount on DC3.
B) Run ntdsutil.exe on DC2.
C) Run dcpromo.exe /adv on DC3.
D) Run ntdsutil.exe on DC1.

According to dump the answer is C, but the question indicates what you should do FIRST?
FIRST you need to create Install From Media (IFM) using ntdsutil.exe on DC1, and than you run dcpromo.exe /adv and specify IFM files path to minimize replication traffic.

valid in india passed today 911. only 2new question

valid,passed yesterday 735-1000 study all question good and u will pass it,thx for all who helped

Dump is valid 99% passed today 880.!
thx guys. You must learn all of the questions.!

Dump is valid, passed today 87 %.