[Free] 2018(June) Ensurepass Microsoft 70-640 Dumps with VCE and PDF 61-70


Windows Server 2008 Active Directory, Configuring

Question No: 61 – (Topic 1)

Your company network has an Active Directory forest that has one parent domain and one child domain. The child domain has two domain controllers that run Windows Server 2008. All user accounts from the child domain are migrated to the parent domain. The child domain is scheduled to be decommissioned.

You need to remove the child domain from the Active Directory forest.

What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A. Run the Computer Management console to stop the Domain Controller service on both domain controllers in the child domain.

B. Delete the computer accounts for each domain controller in the child domain. Remove the trust relationship between the parent domain and the child domain.

C. Use Server Manager on both domain controllers in the child domain to uninstall the Active Directory domain services role.

D. Run the Dcpromo tool that has individual answer files on each domain controller in the child domain.

Answer: C,D

Explanation:

http://technet.microsoft.com/en-us/library/cc755937(v=ws.10).aspx Decommissioning a Domain Controller

To complete this task, perform the following procedures:

1. View the current operations master role holders

2. Transfer the schema master

3. Transfer the domain naming master

4. Transfer the domain-level operations master roles

5. Determine whether a domain controller is a global catalog server

6. Verify DNS registration and functionality

7. Verify communication with other domain controllers

8. Verify the availability of the operations masters

9. If the domain controller hosts encrypted documents, perform the following procedure before you remove Active Directory to ensure that the encrypted files can be recovered after Active Directory is removed: Export a certificate with the private key

10. Uninstall Active Directory

11. If the domain controller hosts encrypted documents and you backed up the certificate and private key before you remove Active Directory, perform the following procedure to re-import the certificate to the server: Import a certificate

12. Determine whether a Server object has child objects

13. Delete a Server object from a site

http://technet.microsoft.com/en-us/library/cc737258(v=ws.10).aspx Uninstall Active Directory

To uninstall Active Directory

  1. Click Start, click Run, type dcpromo and then click OK.

Question No: 62 – (Topic 1)

Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2003.

You upgrade all domain controllers to Windows Server 2008.

You need to configure the Active Directory environment to support the application of multiple password policies.

What should you do?

A. Raise the functional level of the domain to Windows Server 2008.

B. On one domain controller, run dcpromo /adv.

C. Create multiple Active Directory sites.

D. On all domain controllers, run dcpromo /adv.

Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx

AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide

This step-by-step guide provides instructions for configuring and applying fine-grained password and account lockout policies for different sets of users in Windows Server® 2008 domains.

In Microsoft® Windows® 2000 and Windows Server 2003 Active Directory domains, you could apply only one password and account lockout policy, which is specified in the domain's Default Domain Policy, to all users in the domain. As a result, if you wanted different password and account lockout settings for different sets of users, you had to either create a password filter or deploy multiple domains. Both options were costly for different reasons.

In Windows Server 2008, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain.

Requirements and special considerations for fine-grained password and account lockout policies

Domain functional level: The domain functional level must be set to Windows Server 2008 or higher.

Question No: 63 – (Topic 1)

Your company has an Active Directory forest that contains Windows Server 2008 R2 domain controllers and DNS servers. All client computers run Windows XP SP3.

You need to use your client computers to edit domain-based GPOs by using the ADMX files that are stored in the ADMX central store.

What should you do?

A. Add your account to the Domain Admins group.

B. Upgrade your client computers to Windows 7.

C. Install .NET Framework 3.0 on your client computers.

D. Create a folder on PDC emulator for the domain in the PolicyDefinitions path. Copy the ADMX files to the PolicyDefinitions folder.

Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc709647(v=ws.10).aspx Managing Group Policy ADMX Files Step-by-Step Guide

Microsoft Windows Vista® and Windows Server 2008 introduce a new format for displaying registry-based policy settings. Registry-based policy settings (located under the Administrative Templates category in the Group Policy Object Editor) are defined using a standards-based, XML file format known as ADMX files. These new files replace ADM files, which used their own markup language. The Group Policy tools - Group Policy Object Editor and Group Policy Management Console - remain largely unchanged. In the majority of situations, you will not notice the presence of ADMX files during your day-to-day Group Policy administration tasks.

http://blogs.technet.com/b/grouppolicy/archive/2008/12/17/questions-on-admx-in-windows-xp-and-windows2003-environments.aspx

Questions on ADMX in Windows XP and Windows 2003 environments

We had a question a couple of days ago about the usage of ADMX template formats in Windows XP/Server 2003 environments. Essentially the question was:

“…What’s the supported or recommended way of getting W2k8 ADMX templates applying in a W2k3 domain with or with no W2k8 DCs. What I’ve done in test is, created a central store in the /Sysvol/domain/policies folder on the 2k3 DC (PDC) and created and edited a GPO using GPMC from the W2k8 member server applying to a W2k8 machine and it seems to work just fine. Is this the right way to do it?…”

The answer is Yes. Again this is one of those things that confuse people. The template format has nothing to do with the policy file that’s created. It's just used to create the policy by the administrative tool itself. In the case of GPMC on Windows XP and Windows Server 2003 and previous – this tool used the ADM file format. These ADM files were copied into every policy object on the SYSVOL, which represents about 4MB of duplicated bloat per policy. This was one of the areas that caused major problems with an issue called SYSVOL bloat.

In Vista and Server 2008 this template format changed to ADMX. This was a complete change towards a new XML based format that aimed to eliminate SYSVOL bloat. It doesn’t copy itself into every policy object but relies on a central or local store of these templates (Note that even in the newer tools you can still import custom ADM files for stuff like Office etc).

In the question above, the person wanted to know if copying the local store, located under c:/windows/policydefinitions, could be copied into a Windows Server 2003 domain environment as the central store and referenced by the newer admin tools. Again the domain functional mode has little to do with Group Policy. I talked about that one before. The things that we care about are the administrative tools and the client support for the policy functions. So of course it can.

Here’s the confusion-reducing scoop – Group Policy as a platform only relies on two main factors. Active Directory to store metadata about the policy objects and to allow client discoverability for the location of the policy files. The other is the SYSVOL to store the policy files. So at its core that’s LDAP and SMB file shares.

Specific extensions on top of the policy platform may require certain domain functionality but that’s very specific to that extension. Examples are the new Wireless policy and BitLocker extensions in Vista SP1. They require schema updates – not GP itself. So if you don't currently use them then you don't have to update schema.

So provided you’re using Windows Vista SP1 with RSAT or Windows Server 2008 to administer the policies you get all the benefits to manage downlevel clients. That means eliminating SYSVOL bloat. That means all the joys of Group Policy Preferences. Honestly – it amazes us the amount of IT Pros that still haven’t discovered GPP…especially with the power it has to practically eliminate logon scripts! As a last point – IT Pros also ask us when we will be producing an updated GPMC version for Windows XP to support all the new stuff. The answer is that we are not producing any updated GPMC versions for Windows XP and Server 2003. All the new administrative work is being done on the newer platforms. So get moving ahead! There are some really good benefits in the newer tools and very low impact to your current environment. You only need a single Windows Vista SP1 machine to start!

Question No: 64 – (Topic 1)

Your company has an Active Directory domain named ad.contoso.com. The domain has two domain controllers named DC1 and DC2. Both domain controllers have the DNS server role installed.

You install a new DNS server named DNS1.contoso.com on the perimeter network. You configure DC1 to forward all unresolved name requests to DNS1.contoso.com.

You discover that the DNS forwarding option is unavailable on DC2.

You need to configure DNS forwarding on the DC2 server to point to the DNS1.contoso.com server.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Clear the DNS cache on DC2.

B. Configure conditional forwarding on DC2.

C. Configure the Listen On address on DC2.

D. Delete the Root zone on DC2.

Answer: B,D

Explanation:

Answer: Delete the Root zone on DC2. Configure conditional forwarding on DC2.

http://technet.microsoft.com/en-us/library/cc754941.aspx Configure a DNS Server to Use Forwarders

A forwarder is a Domain Name System (DNS) server on a network that is used to forward DNS queries for external DNS names to DNS servers outside that network. You can also configure your server to forward queries according to specific domain names using conditional forwarders.

http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/0ca38ece-d76e-42f0-85d5-a342f9e169f5/

Deleting .root dns zone in 2008 DNS

Q: We have 2 domain controllers and .root zone is created in the DNS. Due to which the external name resolution is not possible. I had tried to add conditional forwarders but I get an error saying that conditional forwarders cannot be created on root DNS servers.

A 1: If you have a "root" zone created in your DNS, and you no longer want that configuration, you can just simply delete that zone. There is no reason to have a root "." zone hosted unless you want to make sure that the DNS server is authoritative for all queries and not allow the DNS server to go elsewhere for name resolution.

If you delete this zone, the DNS server will be able to use its root hints, or forwarders to resolve queries for zones it's not authoritative for.

A 2: That was from the old 2000 days where DCPROMO would create it if it detected no internet access while promoting the first DC. Just remove it, and the Forwarders option reappears.

Further information: http://support.microsoft.com/kb/298148 How To Remove the Root Zone (Dot Zone)

http://technet.microsoft.com/en-us/library/cc731879(v=ws.10).aspx Reviewing DNS Concepts

Delegation

For a DNS server to answer queries about any name, it must have a direct or indirect path to every zone in the namespace. These paths are created by means of delegation. A delegation is a record in a parent zone that lists a name server that is authoritative for the zone in the next level of the hierarchy. Delegations make it possible for servers in one zone to refer clients to servers in other zones. The following illustration shows one example of delegation.


The DNS root server hosts the root zone represented as a dot ( . ). The root zone contains a delegation to a zone in the next level of the hierarchy, the com zone. The delegation in the root zone tells the DNS root server that, to find the com zone, it must contact the Com server. Likewise, the delegation in the com zone tells the Com server that, to find the contoso.com zone, it must contact the Contoso server.

Note: A delegation uses two types of records. The name server (NS) resource record provides the name of an authoritative server. Host (A) and host (AAAA) resource records provide IP version 4 (IPv4) and IP version 6 (IPv6) addresses of an authoritative server. This system of zones and delegations creates a hierarchical tree that represents the DNS namespace. Each zone represents a layer in the hierarchy, and each delegation represents a branch of the tree. By using the hierarchy of zones and delegations, a DNS root server can find any name in the DNS namespace.

The root zone includes delegations that lead directly or indirectly to all other zones in the hierarchy. Any server that can query the DNS root server can use the information in the delegations to find any name in the namespace.

Question No: 65 – (Topic 1)

You are installing an application on a computer that runs Windows Server 2008 R2.

During installation, the application will need to install new attributes and classes to the Active Directory database.

You need to ensure that you can install the application. What should you do?

A. Change the functional level of the forest to Windows Server 2008 R2.

B. Log on by using an account that has Server Operator rights.

C. Log on by using an account that has Schema Administrator rights and the appropriate rights to install the application.

D. Log on by using an account that has the Enterprise Administrator rights and the appropriate rights to install the application.

Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/cc756898(v=ws.10).aspx Default groups

Default groups, such as the Domain Admins group, are security groups that are created automatically when you create an Active Directory domain. You can use these predefined groups to help control access to shared resources and delegate specific domain-wide administrative roles.

Groups in the Builtin container


The following table provides descriptions of the default groups located in the Builtin container and lists the assigned user rights for each group.

Groups in the Users container

The following table provides a description of the default groups located in the Users container and lists the assigned user rights for each group.


Question No: 66 – (Topic 1)

Your company has a single Active Directory domain named intranet.contoso.com. All domain controllers run Windows Server 2008 R2. The domain functional level is Windows 2000 native and the forest functional level is Windows 2000.

You need to ensure the UPN suffix for contoso.com is available for user accounts. What should you do first?

A. Raise the intranet.contoso.com forest functional level to Windows Server 2003 or higher.

B. Raise the intranet.contoso.com domain functional level to Windows Server 2003 or higher.

C. Add the new UPN suffix to the forest.

D. Change the Primary DNS Suffix option in the Default Domain Controllers Group Policy Object (GPO) to contoso.com.

Answer: C

Explanation:

http://support.microsoft.com/kb/243629 HOW TO: Add UPN Suffixes to a Forest

Adding a UPN Suffix to a Forest

Open Active Directory Domains and Trusts.

Right-click Active Directory Domains and Trusts in the Tree window pane, and then click Properties.

On the UPN Suffixes tab, type the new UPN suffix that you would like to add to the forest. Click Add, and then click OK.

Now when you add users to the forest, you can select the new UPN suffix to complete the user's logon name.

APPLIES TO

Microsoft Windows 2000 Server

Microsoft Windows 2000 Advanced Server

Microsoft Windows 2000 Datacenter Server

Question No: 67 – (Topic 1)

Your company has an Active Directory forest. The forest includes organizational units corresponding to the following four locations:

- London

- Chicago

- New York

- Madrid

Each location has a child organizational unit named Sales. The Sales organizational unit contains all the users and computers from the sales department.

The offices in London, Chicago, and New York are connected by T1 connections. The office in Madrid is connected by a 256-Kbps ISDN connection.

You need to install an application on all the computers in the sales department.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to users. Link the GPO to each Sales organizational unit.

B. Disable the slow link detection setting in the Group Policy Object (GPO).

C. Configure the slow link detection threshold setting to 1,544 Kbps (T1) in the Group Policy Object (GPO).

D. Create a Group Policy Object (GPO) named OfficeInstall that assigns the application to the computers. Link the GPO to each Sales organizational unit.

Answer: B,D

Explanation:

http://technet.microsoft.com/en-us/library/cc781031(v=ws.10).aspx

Specifying Group Policy for Slow Link Detection

Administrators can partially control which Group Policy extensions are processed over a slow link. By default, when processing over a slow link, not all components of Group Policy are processed.

Table 2.6 shows the default settings for processing Group Policy over slow links.


Administrators can use a Group Policy setting to define a slow link for the purposes of applying and updating Group Policy. The default value defines a rate slower than 500 Kbps as a slow link.

http://technet.microsoft.com/en-us/library/cc783635(v=ws.10).aspx Assigning and Publishing Software

Assigning software to computers

After you assign a software package to computers in a site, domain, or OU, the software is installed the next time the computer restarts or the user logs on.

Further information:

http://technet.microsoft.com/en-us/library/cc978717.aspx Group Policy slow link detection

Question No: 68 – (Topic 1)

Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.

You need to reset the Directory Services Restore Mode (DSRM) password on a domain controller.

What tool should you use?

A. Active Directory Users and Computers snap-in

B. ntdsutil

C. Local Users and Groups snap-in

D. dsmod

Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx Ntdsutil

Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS).

You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled. This tool is intended for use by experienced administrators.

Commands

set DSRM password – Resets the Directory Services Restore Mode (DSRM) administrator password.

Further information:

http://technet.microsoft.com/en-us/library/cc754363(v=ws.10).aspx Set DSRM password

Resets the Directory Services Restore Mode (DSRM) password on a domain controller. At the Reset DSRM Administrator Password: prompt, type any of the parameters listed under “Syntax.”

This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2. Ntdsutil is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed.

Dsmgmt is available if you have the AD LDS server role installed. These tools are also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT).

Question No: 69 – (Topic 1)

Your company has a branch office that is configured as a separate Active Directory site and has an Active Directory domain controller.

The Active Directory site requires a local Global Catalog server to support a new application.

You need to configure the domain controller as a Global Catalog server. Which tool should you use?

A. The Server Manager console

B. The Active Directory Sites and Services console

C. The Dcpromo.exe utility

D. The Computer Management console

E. The Active Directory Domains and Trusts console

Answer: B

Explanation:

Answer: The Active Directory Sites and Services console

http://technet.microsoft.com/en-us/library/cc781329(v=ws.10).aspx Configure a domain controller as a global catalog server

To configure a domain controller as a global catalog server

1. Open Active Directory Sites and Services.

Further information:

http://technet.microsoft.com/en-us/library/cc728188(v=ws.10).aspx What Is the Global Catalog?

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication.

Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.

In addition to configuration and schema directory partition replicas, every domain controller in a forest stores a full, writable replica of a single domain directory partition. Therefore, a domain controller can locate only the objects in its domain. Locating an object in a different domain would require the user or application to provide the domain of the requested object. The global catalog provides the ability to locate objects from any domain without having to know the domain name. A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest. The additional domain directory partitions are partial because only a limited set of attributes is included for each object. By including only the attributes that are most used for searching, every object in every domain in even the largest forest can be represented in the database of a single global catalog server.

Note: A global catalog server can also store a full, writable replica of an application directory partition, but objects in application directory partitions are not replicated to the global catalog as partial, read-only directory partitions.

The global catalog is built and updated automatically by the AD DS replication system. The attributes that are replicated to the global catalog are identified in the schema as the partial attribute set (PAS) and are defined by default by Microsoft. However, to optimize searching, you can edit the schema by adding or removing attributes that are stored in the global catalog.

In Windows 2000 Server environments, any change to the PAS results in full synchronization (update of all attributes) of the global catalog. Later versions of Windows Server reduce the impact of updating the global catalog by replicating only the attributes that change.

In a single-domain forest, a global catalog server stores a full, writable replica of the domain and does not store any partial replica. A global catalog server in a single-domain forest functions in the same manner as a nonglobal-catalog server except for the processing of forest-wide searches.

Question No: 70 – (Topic 1)

Contoso, Ltd. has an Active Directory domain named ad.contoso.com. Fabrikam, Inc. has an Active Directory domain named intranet.fabrikam.com. Fabrikam's security policy prohibits the transfer of internal DNS zone data outside the Fabrikam network.

You need to ensure that the Contoso users are able to resolve names from the intranet.fabrikam.com domain.

What should you do?

A. Create a new stub zone for the intranet.fabrikam.com domain.

B. Configure conditional forwarding for the intranet.fabrikam.com domain.

C. Create a standard secondary zone for the intranet.fabrikam.com domain.

D. Create an Active Directory-integrated zone for the intranet.fabrikam.com domain.

Answer: B

Explanation:

Answer: Configure conditional forwarding for the intranet.fabrikam.com domain.

http://technet.microsoft.com/en-us/library/cc730756.aspx Understanding Forwarders

A forwarder is a Domain Name System (DNS) server on a network that forwards DNS queries for external DNS names to DNS servers outside that network. You can also forward queries according to specific domain names using conditional forwarders.

You designate a DNS server on a network as a forwarder by configuring the other DNS servers in the network to forward the queries that they cannot resolve locally to that DNS server. By using a forwarder, you can manage name resolution for names outside your network, such as names on the Internet, and improve the efficiency of name resolution for the computers in your network.


The following figure illustrates how external name queries are directed with forwarders.

Conditional forwarders

A conditional forwarder is a DNS server on a network that forwards DNS queries according to the DNS domain name in the query. For example, you can configure a DNS server to forward all the queries that it receives for names ending with corp.contoso.com to the IP address of a specific DNS server or to the IP addresses of multiple DNS servers.

Further information:

http://technet.microsoft.com/en-us/library/cc794735(v=ws.10).aspx Assign a Conditional Forwarder for a Domain Name

http://technet.microsoft.com/en-us/library/cc754941.aspx Configure a DNS Server to Use Forwarders
