[Free] 2018(June) Ensurepass Microsoft 70-640 Dumps with VCE and PDF 101-110

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 101 – (Topic 2)

Your network contains a single Active Directory domain that has two sites named Site1 and Site2. Site1 has two domain controllers named DC1 and DC2. Site2 has two domain controllers named DC3 and DC4.

DC3 fails.

You discover that replication no longer occurs between the sites.

You verify the connectivity between DC4 and the domain controllers in Site1. On DC4, you run repadmin.exe /kcc.

Replication between the sites continues to fail.

You need to ensure that Active Directory data replicates between the sites. What should you do?

  1. From Active Directory Sites and Services, modify the properties of DC3.

  2. From Active Directory Sites and Services, modify the NTDS Site Settings of Site2.

  3. From Active Directory Users and Computers, modify the location settings of DC4.

  4. From Active Directory Users and Computers, modify the delegation settings of DC4.

    Answer: A

    Reference:

    MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) pages 193, 194

    Bridgehead Servers

    A bridgehead server is the domain controller designated by each site’s KCC to take control of intersite replication. The bridgehead server receives information replicated from other sites and replicates it to its site’s other domain controllers. It ensures that the greatest portion of replication occurs within sites rather than between them.

    In most cases, the KCC automatically decides which domain controller acts as the bridgehead server.

    However, you can use Active Directory Sites and Services to specify which domain controller will be the preferred bridgehead server by using the following steps:

    1. In Active Directory Sites and Services, expand the site in which you want to specify the preferred bridgehead server.

    2. Expand the Servers folder to locate the desired server, right-click it, and then choose

      Properties.

    3. From the list labeled Transports available for intersite data transfer, select the protocol(s) for which you want to designate this server as a preferred bridgehead server and then click Add.

      Question No: 102 – (Topic 2)

      You have an Active Directory domain named contoso.com.

      You have a domain controller named Server1 that is configured as a DNS server.

      Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in the exhibit. (Click the Exhibit button.)

      Ensurepass 2018 PDF and VCE

      You discover that stale resource records are not automatically removed from the contoso.com zone.

      You need to ensure that the stale resource records are automatically removed from the contoso.com zone.

      What should you do?

      1. Set the scavenging period of Server1 to 0 days.

      2. Modify the Server Aging/Scavenging properties.

      3. Configure the aging properties for the contoso.com zone.

      4. Convert the contoso.com zone to an Active Directory-integrated zone.

        Answer: C Explanation:

        Ensurepass 2018 PDF and VCE

        C:\Documents and Settings\usernwz1\Desktop\1.PNG

        http://technet.microsoft.com/en-us/library/cc816625(v=ws.10).aspx Set Aging and Scavenging Properties for a Zone

        The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time.

        You can use this procedure to set the aging and scavenging properties for a specific zone using either the DNS Manager snap-in or the dnscmd command-line tool.

        To set aging and scavenging properties for a zone using the Windows interface

        1. Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

        2. In the console tree, right-click the applicable zone, and then click Properties.

        3. On the General tab, click Aging.

        4. Select the Scavenge stale resource records check box.

        5. Modify other aging and scavenging properties as needed.

To set aging and scavenging properties for a zone using a command line

  1. Open a command prompt. To open an elevated Command Prompt window, click Start, point to All

    Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

  2. At the command prompt, type the following command, and then press ENTER:

    dnscmd lt;ServerNamegt; /Config lt;ZoneNamegt; {/Aging lt;Valuegt;|/RefreshInterval lt;Valuegt;|/ NoRefreshInterval lt;Valuegt;}

    Ensurepass 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    Question No: 103 – (Topic 2)

    Your company has a main office and five branch offices that are connected by WAN links. The company has an Active Directory domain named contoso.com.

    Each branch office has a member server configured as a DNS server. All branch office DNS servers host a secondary zone for contoso.com.

    You need to configure the contoso.com zone to resolve client queries for at least four days in the event that a WAN link fails.

    What should you do?

    1. Configure the Expires after option for the contoso.com zone to 4 days.

    2. Configure the Retry interval option for the contoso.com zone to 4 days.

    3. Configure the Refresh interval option for the contoso.com zone to 4 days.

    4. Configure the Minimum (default) TTL option for the contoso.com zone to 4 days.

      Answer: A Explanation:

      http://technet.microsoft.com/en-us/library/cc816704(v=ws.10).aspx Adjust the Expire Interval for a Zone

      You can use this procedure to adjust the expire interval for a Domain Name System (DNS) zone. Other DNS servers that are configured to load and host the zone use the expire interval to determine when zone data expires if it is not successfully transferred. By default, the expire interval for each zone is set to one day.

      You can complete this procedure using either the DNS Manager snap-in or the dnscmd command-line tool.

      To adjust the expire interval for a zone using the Windows interface

      1. Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

      2. In the console tree, right-click the applicable zone, and then click Properties.

      3. On the General tab, verify that the zone type is either Primary or Active Directory- integrated.

      4. Click the Start of Authority (SOA) tab.

      5. In Expires after, click a time period in minutes, hours, or days, and then type a number in the text box.

      6. Click OK to save the adjusted interval.

        Question No: 104 – (Topic 2)

        Your company has an Active Directory domain. All consultants belong to a global group named TempWorkers.

        The TempWorkers group is not nested in any other groups.

        You move the computer objects of three file servers to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders.

        You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers.

        You must achieve this goal without affecting access to other domain resources. What should you do?

        1. Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

        2. Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

        3. Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.

        4. Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group.

Answer: A Explanation: Personal comment:

Basically, you need to create a GPO for the Secure Servers and deny the TempWorkers access to the shared folders (implies access from the network).

quot;Deny log on locallyquot; makes no sense in this instance, because we are reffering to shared folder and supposedly physical access to servers should be highly restricted.

And best practices recommend that you link GPOs at the domain level only for domain wide purposes.

Question No: 105 – (Topic 2)

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and woodgrovebank.com.

You have a custom attribute named Attibute1 in Active Directory. Attribute1 is associated to User objects.

You need to ensure that Attribute1 is replicated to the global catalog. What should you do?

  1. In Active Directory Sites and Services, configure the NTDS Settings.

  2. In Active Directory Sites and Services, configure the universal group membership caching.

  3. From the Active Directory Schema snap-in, modify the properties of the User class schema object.

  4. From the Active Directory Schema snap-in, modify the properties of the Attibute1 class schema attribute.

    Answer: D Explanation:

    http://www.tech-faq.com/the-global-catalog-server.html The Global Catalog Server

    The Global Catalog (GC) is an important component in Active Directory because it serves as the central information store of the Active Directory objects located in domains and forests. Because the GC maintains a list of the Active Directory objects in domains and forests without actually including all information on the objects and it is used when users search for Active Directory objects or for specific attributes of an object, the GC improves network performance and provides maximum accessibility to Active Directory objects.

    How to Include Additional Attributes in the GC

    The number of attributes in the GC affects GC replication. The more attributes the GC servers have to replicate, the more network traffic GC replication creates. Default attributes are included in the GC when Active

    Directory is first deployed. The Active Directory Schema snap-in can be used to add any additional attribute to the GC. Because the snap-in is by default not included in the Administrative Tools Menu, users have to add it to the MMC before it can be used to customize the GC.

    To add the Active Directory Schema snap-in in the MMC:

    1. Click Start, Run, and enter cmd in the Run dialog box. Press Enter.

    2. Enter the following at the command prompt: regsvr32 schmmgmt.dll.

    3. Click OK to acknowledge that the dll was successfully registered.

    4. Click Start, Run, and enter mmc in the Run dialog box.

    5. When the MMC opens, select Add/Remove Snap-in from the File menu.

    6. In the Add/Remove Snap-in dialog box, click Add then add the Active Directory Schema snap-in from the

      Add Standalone Snap-in dialog box.

    7. Close all open dialog boxes.

To include additional attributes in the GC:

  1. Open the Active Directory Schema snap-in.

  2. In the console tree, expand the Attributes container, right-click an attribute, and click Properties from the shortcut menu.

  3. Additional attributes are added on the General tab.

  4. Ensure that the Replicate this attribute to the Global Catalog checkbox is enabled.

  5. Click OK.

    Question No: 106 – (Topic 2)

    You are formulating the backup strategy for Active Directory Lightweight Directory Services (AD LDS) to ensure that data and log files are backed up regularly. This will also ensure the continued availability of data to applications and users in the event of a system failure.

    Because you have limited media resources, you decided to backup only specific ADLDS instance instead of taking backup of the entire volume.

    What should you do to accomplish this task?

    1. Use Windows Server backup utility and enable checkbox to take only backup of database and log files of AD LDS

    2. Use Dsdbutil.exe tool to create installation media that corresponds only to the ADLDS instance

    3. Move AD LDS database and log files on a separate volume and use windows server backup utility

    4. None of the above

Answer: B

Reference:

http://technet.microsoft.com/en-us/library/cc730941.aspx Backing up AD LDS instance data with Dsdbutil.exe

With the Dsdbutil.exe tool, you can create installation media that corresponds only to the AD LDS instance that you want to back up, as opposed to backing up entire volumes that contain the AD LDS instance.

Question No: 107 – (Topic 2)

Company runs Window Server 2008 on all of its servers. It has a single Active Directory domain and it uses Enterprise Certificate Authority. The security policy at ABC.com makes it necessary to examine revoked certificate information.

You need to make sure that the revoked certificate information is available at all times. What should you do to achieve that?

  1. Add and configure a new GPO (Group Policy Object) that enables users to accept peer certificates and link the GPO to the domain.

  2. Configure and use a GPO to publish a list of trusted certificate authorities to the domain

  3. Configure and publish an OCSP (Online certificate status protocol) responder through ISAS (Internet Security and Acceleration Server) array.

  4. Use network load balancing and publish an OCSP responder.

  5. None of the above

Answer: D Explanation:

http://technet.microsoft.com/en-us/library/ee619754(v=ws.10).aspx How Certificate Revocation Works

Question No: 108 – (Topic 2)

Your network contains an Active Directory forest named contoso.com. You plan to add a new domain named nwtraders.com to the forest.

All DNS servers are domain controllers.

You need to ensure that the computers in nwtraders.com can update their Host (A) records on any of the DNS servers in the forest.

What should you do?

  1. Add the computer accounts of all the domain controllers to the DnsAdmins group.

  2. Add the computer accounts of all the domain controllers to the DnsUpdateProxy group.

  3. Create a standard primary zone on a domain controller in the forest root domain.

  4. Create an Active Directory-integrated zone on a domain controller in the forest root domain.

Answer: D

Question No: 109 – (Topic 2)

Your network contains two Active Directory forests named contoso.com and adatum.com. Active Directory Rights Management Services (AD RMS) is deployed in contoso.com. An AD RMS trusted user domain (TUD) exists between contoso.com and adatum.com.

From the AD RMS logs, you discover that some clients that have IP addresses in the adatum.com forest are authenticating as users from contoso.com.

You need to prevent users from impersonating contoso.com users. What should you do?

  1. Configure trusted e-mail domains.

  2. Enable lockbox exclusion in AD RMS.

  3. Create a forest trust between adatum.com and contoso.com.

  4. Add a certificate from a third-party trusted certification authority (CA).

Answer: A Explanation:

http://technet.microsoft.com/en-us/library/cc753930.aspx Add a Trusted User Domain

By default, Active Directory Rights Management Services (AD RMS) does not service requests from users whose rights account certificate (RAC) was issued by a different AD RMS installation. However, you can add user domains to the list of trusted user domains (TUDs), which allows AD RMS to process such requests.

For each trusted user domain (TUD), you can also add and remove specific users or groups of users. In addition, you can remove a TUD; however, you cannot remove the root cluster for this Active Directory forest from the list of TUDs. Every AD RMS server trusts the root cluster in its own forest.

You can add TUDs as follows:

To support external users in general, you can trust Windows Live ID. This allows an AD RMS cluster that is in your company to process licensing requests that include a RAC that was issued by Microsoft’s online RMS service. For more information about trusting Windows Live ID in your organization, see Use Windows Live ID to Establish RACs for Users.

To trust external users from another organization’s AD RMS installation, you can add the organization to the list of TUDs. This allows an AD RMS cluster to process a licensing request that includes a RAC that was issued by an AD RMS server that is in the other organization.

In the same manner, to process licensing requests from users within your own organization who reside in a different Active Directory forest, you can add the AD RMS installation in that forest to the list of TUDs. This allows an AD RMS cluster in the current forest to process a licensing request that includes a RAC that was issued by an AD RMS cluster in the other forest.

For each TUD, you can specify which e-mail domains are trusted. For trusted Windows Live ID sites and services, you can specify which e-mail users or domains are not trusted.

Question No: 110 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. You remove several computers from the network.

You need to ensure that the host (A) records for the removed computers are automatically deleted from the contoso.com DNS zone.

What should you do?

  1. Configure dynamic updates.

  2. Configure aging and scavenging.

  3. Create a scheduled task that runs the Dnscmd /ClearCache command.

  4. Create a scheduled task that runs the Dnscmd /ZoneReload contoso.com command.

    Answer: B Explanation:

    Ensurepass 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    http://technet.microsoft.com/en-us/library/cc816625(v=ws.10).aspx Set Aging and Scavenging Properties for a Zone

    The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time.

    You can use this procedure to set the aging and scavenging properties for a specific zone using either the DNS Manager snap-in or the dnscmd command-line tool.

    To set aging and scavenging properties for a zone using the Windows interface

    1. Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

    2. In the console tree, right-click the applicable zone, and then click Properties.

    3. On the General tab, click Aging.

    4. Select the Scavenge stale resource records check box.

    5. Modify other aging and scavenging properties as needed.

To set aging and scavenging properties for a zone using a command line

  1. Open a command prompt. To open an elevated Command Prompt window, click Start, point to All

    Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

  2. At the command prompt, type the following command, and then press ENTER:

    dnscmd lt;ServerNamegt; /Config lt;ZoneNamegt; {/Aging lt;Valuegt;|/RefreshInterval lt;Valuegt;|/ NoRefreshInterval lt;Valuegt;}

    Ensurepass 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    100% Ensurepass Free Download!
    Download Free Demo:70-640 Demo PDF
    100% Ensurepass Free Guaranteed!
    70-640 Dumps

    EnsurePass ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *