[Free] 2018(June) Ensurepass Microsoft 70-640 Dumps with VCE and PDF 251-260

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 251 – (Topic 3)

Your network contains an Active Directory domain. All servers run Windows Server 2008 R2.

You need to audit the deletion of registry keys on each server. What should you do?

  1. From Audit Policy, modify the Object Access settings and the Process Tracking settings.

  2. From Audit Policy, modify the System Events settings and the Privilege Use settings.

  3. From Advanced Audit Policy Configuration, modify the System settings and the Detailed Tracking settings.

  4. From Advanced Audit Policy Configuration, modify the Object Access settings and the Global Object Access Auditing settings.

Answer: D

Reference:

http://technet.microsoft.com/en-us/library/dd408940.aspx Advanced Security Audit Policy Step-by-Step Guide

A global object access audit policy can be used to enforce object access audit policy for a computer, file share, or registry.

Question No: 252 – (Topic 3)

Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers.

The servers are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. Configure the policy module settings.

  2. Configure the issuance requirements for the certificate templates.

  3. Configure the Certificate Services Client – Certificate Enrollment Policy Group Policy setting.

  4. Configure the delegation settings for the Certificate Enrollment Web Service application

pool account.

Answer: B,D Explanation: Reference 1:

http://technet.microsoft.com/en-us/library/dd759245.aspx

The Certificate Enrollment Web Service can process enrollment requests for new certificates and for certificate renewal. In both cases, the client computer submits the request to the Web service and the Web service submits the request to the certification authority (CA) on behalf of the client computer. For this reason, the Web service account must be trusted for delegation in order to present the client identity to the CA.

Reference 2:

http://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web- services-in-active-directory-certificate-services.aspx

Delegation is required for the Certificate Enrollment Web Service account when all of the following are true:

The CA is not on the same computer as the Certificate Enrollment Web Service

Certificate Enrollment Web Service needs to be able to process initial enrollment requests, as opposed to only processing certificate renewal requeststhe authentication type is set to Windows Integrated Authentication or Client certificate authentication

Question No: 253 – (Topic 3)

You configure and deploy a Group Policy object (GPO) that contains AppLocker settings. You need to identify whether a specific application file is allowed to run on a computer.

Which Windows PowerShell cmdlet should you use?

  1. Get-AppLockerFileInformation

  2. Get-GPOReport

  3. Get-GPPermissions

  4. Test-AppLockerPolicy

Answer: D

Reference:

http://technet.microsoft.com/en-us/library/ee460960.aspx Test-AppLockerPolicy

Tests whether the input files are allowed to run for a given user based on the specified AppLocker policy.

Question No: 254 – (Topic 3)

You have a Windows PowerShell script that contains the following code:

import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword $_. password}

When you run the script, you receive an error message indicating that the format of the password is incorrect.The script fails.

You need to run a script that successfully creates the user accounts by using the password contained in accounts.csv.

Which script should you run?

  1. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword(ConvertTo-SecureString quot;Passwordquot; -AsPlainText -force)}

  2. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword(ConvertTo-SecureString $_.Password -AsPlainText -force)}

  3. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword(Read-Host -AsSecureString quot;Passwordquot;)}

  4. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword(Read-Host -AsSecureString $_.Password)}

Answer: B Explanation:

import-csv Accounts.csv | Foreach {

New-ADUser -Name $_.Name -Enabled $true – AccountPassword (ConvertTo-

SecureString $_.Password – AsPlainText -force)} Personal comment:

import comma separated values file (most probably containing a column for Name and one for Password) for each line of values create a new AD user with the name contained in the Name column enable the account and set the password with the value contained in the Password column; import the password from plain text as a secure string and ignore warnings/errors

http://technet.microsoft.com/en-us/library/hh849818.aspx ConvertTo-SecureString

Parameters

-AsPlainText

Specifies a plain text string to convert to a secure string. The secure string cmdlets help protect confidential text. The text is encrypted for privacy and is deleted from computer memory after it is used. If you use this parameter to provide plain text as input, the system cannot protect that input in this manner. To use this parameter, you must also specify the Force parameter.

-Force Confirms that you understand the implications of using the AsPlainText parameter and still want to use it.

Question No: 255 – (Topic 3)

Your network contains an Active Directory domain named contoso.com. The network has a branch office site that contains a read-only domain controller (RODC) named RODC1.

RODC1 runs Windows Server 2008 R2.

A user named User1 logs on to a computer in the branch office site.

You discover that the password of User1 is not stored on RODC1. You need to ensure that User1#39;s password is stored on RODC1.

What should you modify?

  1. the Member Of properties of RODC1

  2. the Member Of properties of User1

  3. the Security properties of RODC1

  4. the Security properties of User1

Answer: B Explanation:

http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password- replication-policy(v=ws.10).aspx

Administering the Password Replication Policy Personal comment:

Basically, these are the default settings for the Password Replication Policy of a specific RODC:

Ensurepass 2018 PDF and VCE

C:\Documents and Settings\usernwz1\Desktop\1.PNG

So, if you would add a user to be a member of a group that is allowed to store passwords on that specific RODC, then that user#39;s password would be stored on that RODC.

Ensurepass 2018 PDF and VCE

C:\Documents and Settings\usernwz1\Desktop\1.PNG

Question No: 256 – (Topic 3)

Your network contains a single Active Directory domain.

You need to create an Active Directory Domain Services snapshot. What should you do?

  1. Use the Ldp tool.

  2. Use the NTDSUtil tool.

  3. Use the Wbadmin tool.

  4. From Windows Server Backup, perform a full backup.

    Answer: B

    Reference:

    http://technet.microsoft.com/en-us/library/cc753609.aspx To create an AD DS or AD LDS snapshot

    1. Log on to a domain controller as a member of the Enterprise Admins groups or the Domain Admins group.

    2. Click Start, right-click Command Prompt, and then click Run as administrator.

    3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

    4. At the elevated command prompt, type the following command, and then press ENTER: ntdsutil

    5. At the ntdsutil prompt, type the following command, and then press ENTER: snapshot

    6. At the snapshot prompt, type the following command, and then press ENTER: activate instance ntds

    7. At the snapshot prompt, type the following command, and then press ENTER: create

      Question No: 257 – (Topic 3)

      You have an Active Directory snapshot.

      You need to view the contents of the organizational units (OUs) in the snapshot. Which tools should you run?

      1. explorer.exe, netdom.exe, and dsa.msc

      2. ntdsutil.exe, dsamain.exe, and dsa.msc

      3. wbadmin.msc, dsamain.exe, and netdom.exe

      4. wbadmin.msc, ntdsutil.exe, and explorer.exe

Answer: B

Question No: 258 – (Topic 3)

Your network contains an Active Directory domain that has two sites.

You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify?

  1. GroupPolicy

  2. NTDS

  3. SoftwareDistribution

  4. SYSVOL

Answer: D

Reference:

http://technet.microsoft.com/en-us/library/cc794837.aspx

SYSVOL is a collection of folders that contain a copy of the domain’s public files, including system policies, logon scripts, and important elements of Group Policy objects (GPOs).

Question No: 259 – (Topic 3)

Your company has a main office and four branch offices. An Active Directory site exists for each office. Each site contains one domain controller. Each branch office site has a site link to the main office site.

You discover that the domain controllers in the branch offices sometimes replicate directly to each other.

You need to ensure that the domain controllers in the branch offices only replicate to the domain controller in the main office.

What should you do?

  1. Modify the firewall settings for the main office site.

  2. Disable the Knowledge Consistency Checker (KCC) for each branch office site.

  3. Disable site link bridging.

  4. Modify the security settings for the main office site.

Answer: C

Reference:

http://technet.microsoft.com/en-us/library/cc757117.aspx

Configuring site link bridges

By default, all site links are bridged, or transitive. This allows any two sites that are not connected by an explicit site link to communicate directly, through a chain of intermediary site links and sites. One advantage to bridging all site links is that your network is easier to maintain because you do not need to create a site link to describe every possible path between pairs of sites.

Generally, you can leave automatic site link bridging enabled. However, you might want to disable automatic site link bridging and create site link bridges manually just for specific site links, in the following cases:

You have a network routing or security policy in place that prevents every domain controller from being able to directly communicate with every other domain controller.

Question No: 260 – (Topic 3)

Your company has four offices. The network contains a single Active Directory domain. Each office has a domain controller. Each office has an organizational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office.

You need to ensure that the support technicians can reset the passwords for the user accounts in their respective office only. The solution must prevent the technicians from creating user accounts.

What should you do?

  1. For each OU, run the Delegation of Control Wizard.

  2. For the domain, run the Delegation of Control Wizard.

  3. For each office, create an Active Directory group, and then modify the security settings for each group.

  4. For each office, create an Active Directory group, and then modify the controlAccessRights attribute for each group.

    Answer: A

    Explanation:

    Reference 1:

    http://technet.microsoft.com/en-us/library/cc732524.aspx To delegate control of an organizational unit

    1. To open Active Directory Users and Computers, click Start, click Control Panel, double- click Administrative

      Tools, and then double-click Active Directory Users and Computers.

    2. To open Active Directory Users and Computers in Windows Server庐 2012, click Start, type dsa.msc.

    3. In the console tree, right-click the organizational unit (OU) for which you want to delegate control.

    4. Click Delegate Control to start the Delegation of Control Wizard, and then follow the instructions in the wizard.

      Reference 2:

      http://technet.microsoft.com/en-us/library/dd145442.aspx Delegate the following common tasks

      The following are common tasks that you can select to delegate control of them: Reset user passwords and force password change at next logon

      100% Ensurepass Free Download!
      Download Free Demo:70-640 Demo PDF
      100% Ensurepass Free Guaranteed!
      70-640 Dumps

      EnsurePass ExamCollection Testking
      Lowest Price Guarantee Yes No No
      Up-to-Dated Yes No No
      Real Questions Yes No No
      Explanation Yes No No
      PDF VCE Yes No No
      Free VCE Simulator Yes No No
      Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *