[Free] 2018(May) EnsurePass Testinsides Microsoft 70-640 Dumps with VCE and PDF 371-380

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 371 – (Topic 4)

A corporate environment includes a Windows Server 2008 R2 Active Directory Domain Services (AD DS) domain.

You need to enable Universal Group Membership Caching on several domain controllers in the domain.

Which tool should you use?

  1. Dsmod

  2. Dscmd

  3. Ntdsutil

  4. Active Directory Sites and Services console

    Answer: D

    Reference:

    http://technet.microsoft.com/en-us/library/cc816928.aspx

    Enable Universal Group Membership Caching in a Site

    In a branch site that has no global catalog server and in a forest that has multiple domains, you can use this procedure to enable Universal Group Membership Caching on a domain controller in the site so that a global catalog server does not have to be contacted across a wide area network (WAN) link for every initial user logon.

    To enable Universal Group Membership Caching in a site

    1. Open Active Directory Sites and Services.

    2. In the console tree, expand Sites, and then click the site in which you want to enable Universal Group Membership Caching.

    3. In the details pane, right-click the NTDS Site Settings object, and then click Properties.

    4. Under Universal Group Membership Caching, select Enable Universal Group Membership Caching.

    5. In the Refresh cache from list, click the site that you want the domain controller to contact when the

      Universal Group membership cache must be updated, and then click OK.

      Question No: 372 – (Topic 4)

      Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1. DC1 has an IP address of 192.168.200.100.

      You need to identify the zone that contains the Pointer (PTR) record for DC1. Which zone should you identify?

      1. adatum.com

      2. _msdcs.adatum.com

        C. 100.168.192.in-addr.arpa

        D. 200.168.192.in-addr.arpa

        Answer: D Explanation:

        Reference 1:

        MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) page 57

        Reverse lookup: This occurs when a client computer knows the IP address of another computer and requires its hostname, which can be found in the DNS server’s PTR (pointer) resource record.

        Reference 2:

        MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) page 45/730

        You are configuring a reverse lookup zone for your network, which uses the Class C network address range of 192.168.5.0/24. Which of the following addresses should you use for the reverse lookup zone?

        1. 5.168.192.in-addr.arpa b. 0.5.168.192.in-addr.arpa

  1. 192.168.5.in-addr.arpa d. 192.168.5.0.in-addr.arpa

    The reverse lookup zone contains octets of the network portion of the IP address in reverse sequence and uses a special domain name ending in in-addr.arpa. Thus the correct address is 5.168.192.in-addr.arpa. You do not use the host portion of the IP address, so 0.5.168.192.in-addr.arpa is incorrect. The octets must be specified in reverse sequence, so the other two choices are both incorrect.

    Question No: 373 – (Topic 4)

    Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. The forest contains a single domain.

    You need to ensure that objects can be restored from the Active Directory Recycle Bin. Which tool should you use?

    1. Ntdsutil

    2. Set-ADDomain

    3. Dsamain

    4. Enable-ADOptionalFeature

Answer: D Explanation:

Similar question to question E/Q28 Reference:

http://technet.microsoft.com/en-us/library/dd379481.aspx

Enabling Active Directory Recycle Bin

After the forest functional level of your environment is set to Windows Server 2008 R2, you can enable Active Directory Recycle Bin by using the following methods:

Enable-ADOptionalFeature Active Directory module cmdlet (This is the recommended method.)

Ldp.exe

Question No: 374 – (Topic 4)

Your network contains a single Active Directory domain. The domain contains an enterprise certification authority (CA).

You need to ensure that the encryption keys for e-mail certificates can be recovered from

the CA database.

You modify the e-mail certificate template to support key archival. What should you do next?

  1. Issue the key recovery agent certificate template.

  2. Run certutil.exe -recoverkey.

  3. Run certreq.exe-policy.

  4. Modify the location of the Authority Information Access (AIA) distribution point.

Answer: A

Reference:

http://technet.microsoft.com/en-us/library/cc770588.aspx Identify a Key Recovery Agent

A key recovery agent is a person who is authorized to recover a certificate on behalf of an end user. Because the role of key recovery agents can involve sensitive data, only highly trusted individuals should be assigned to this role.

To identify a key recovery agent, you must configure the Key Recovery Agent certificate template to allow the person assigned to this role to enroll for a key recovery agent certificate.

Question No: 375 – (Topic 4)

Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise.

You need to ensure that users can enroll for certificates that use the IPSEC (Offline request) certificate template

Which snap-in should you use?

  1. Enterprise PKI

  2. TPM Management

  3. Certificates

  4. Active Directory Users and Computers

  5. Authorization Manager

  6. Certification Authority

  7. Group Policy Management

  8. Security Templates

  9. Certificate Templates

Answer: I

Reference:

http://social.technet.microsoft.com/Forums/en/winserversecurity/thread/962be5d1-d824- 4dd8-a501-3c3a9d600083

The user should have proper permission on Certificate Templates. Please follow the steps below for troubleshooting:

  1. Open MMC, add Certificate Templates snap-in.

  2. Double-click IPSec (Offline Request), switch to Security tab, give the user Read and Enroll rights.

  3. Close and restart IE on clients computer to test.

    Question No: 376 – (Topic 4)

    You install an Active Directory domain in a test environment.

    You need to reset the passwords of all the user accounts in the domain from a domain controller.

    Which two Windows PowerShell commands should you run? (Each correct answer presents part of the solution, choose two.)

    1. $ newPassword = *

    2. Import-Module ActiveDirectory

    3. Import-Module WebAdministration

    4. Get- AdUser -filter * | Set- ADAccountPossword – NewPassword $ newPassword – Reset

    5. Set- ADAccountPossword – NewPassword – Reset

    6. $ newPassword = (Read-Host – Prompt quot;New Passwordquot; – AsSecureString )

    7. Import-Module ServerManager

Answer: D,F Explanation:

First we create a variable, $newPassword, and prompt the user for the password to assign it to the variable.

Next we use Get-ADUser -filter * to collect all user accounts and pipe it through to SetADAccountPassword to assign the $newPassword variable to every account#39;s new password.

Note that Set- ADAccountPossword must be a typo. Reference 1:

http://technet.microsoft.com/en-us/library/ee176935.aspx

Prompting a User to Enter Information

The Read-Host cmdlet enables you to interactively prompt a user for information. For example, this command prompts the user to enter his or her name, then stores that name in the variable $Name (to answer the prompt, type a name and then press ENTER):

$Name = Read-Host quot;Please enter your namequot; Reference 2:

http://technet.microsoft.com/en-us/library/ee617241.aspx Get-ADUser Gets one or more Active Directory users.

Reference 3:

http://technet.microsoft.com/en-us/library/ee617261.aspx

Set-ADAccountPassword Modifies the password of an Active Directory account. Parameters

NewPassword

Specifies a new password value. Reset

Specifies to reset the password on an account. When you use this parameter, you must set the NewPassword parameter. You do not need to specify the OldPassword parameter.

Question No: 377 – (Topic 4)

A corporate network includes an Active Directory-integrated zone. All DNS servers that

host the zone are domain controllers.

You add multiple DNS records to the zone.

You need to ensure that the new records are available on all DNS servers as soon as possible.

Which tool should you use?

  1. Ldp

  2. Repadmin

  3. Ntdsutil

  4. Nslookup

  5. Active Directory Sites And Services console

  6. Active Directory Domains And Trusts console

  7. Dnslint

  8. Dnscmd

Answer: B Explanation:

To make sure that the new DNS records are replicated to all DNS servers we can use the repadmin tool.

Reference:

http://technet.microsoft.com/en-us/library/cc811569.aspx Forcing Replication

Sometimes it becomes necessary to forcefully replicate objects and entire partitions between domain controllers that may or may not have replication agreements.

Force a replication event with all partners

The repadmin /syncall command synchronizes a specified domain controller with all replication partners.

Syntax

repadmin /syncall lt;DCgt; [lt;NamingContextgt;] [lt;Flagsgt;] Parameters

lt;DCgt;

Specifies the host name of the domain controller to synchronize with all replication

partners.

lt;NamingContextgt;

Specifies the distinguished name of the directory partition.

lt;Flagsgt;

Performs specific actions during the replication.

Question No: 378 – (Topic 4)

You create a standard primary zone for contoso.com.

You need to specify a user named Admin1 as the person responsible for managing the zone.

What should you do? (Each correct answer presents a complete solution. Choose two.)

  1. Open the %Systemroot\System32\DNS\Contoso.com.dns file by using Notepad and change all instances of quot;hostmaster.contoso.comquot; to quot;admin1.contoso.comquot;.

  2. From DNS Manager, open the properties of the Start of Authority (SOA) record ofcontoso.com, Specify admin1.contoso.com as the responsible person.

  3. Open the %Systemroot\System32\DNS\Contoso.com.dns file by using Notepad and change all instances of quot;hostmaster@contoso.comquot; to quot;admin1@contoso.comquot;.

  4. From DNS Manager, open the properties of the Start of Authority (SOA) record ofcontoso.com.Specify admin1@contoso.com as the responsible person.

    Answer: A,B Explanation:

    Reference 1:

    http://technet.microsoft.com/en-us/library/cc816941.aspx

    To modify the start of authority (SOA) resource record for a zone using the Windows interface

    1. Open DNS Manager.

    2. In the console tree, right-click the applicable zone, and then click Properties.

    3. Click the Start of Authority (SOA) tab.

    4. As needed, modify properties for the start of authority (SOA) resource record.

    5. Click OK to save the modified properties.

      Reference 2:

      http://technet.microsoft.com/en-us/library/dd197495.aspx The SOA resource record contains the following information: SOA resource record fields

      Responsible person The e-mail address of the person responsible for administering the zone. A period (.) is used instead of an at sign (@) in this e-mail name.

      (…)

      Question No: 379 – (Topic 4)

      A corporate network includes a single Active Directory Domain Services (AD DS) domain and two AD DS sites.

      The AD DS sites are named Toronto and Montreal. Each site has multiple domain controllers.

      You need to determine which domain controller holds the Inter-Site Topology Generator role for the Toronto site.

      What should you do?

      1. Use the Active Directory Sites and Services console to view the NTDS Site Settings for the Toronto site.

      2. Use the Ntdsutil tool with the roles parameter.

      3. Use the Ntdsutil tool with the LDAP policies parameter.

      4. Use the Active Directory Sites and Services console to view the properties of each domain controller in the Toronto site.

        Answer: A

        Reference:

        http://technet.microsoft.com/en-us/library/cc794776.aspx Determine the ISTG Role Owner for a Site

        The Intersite Topology Generator (ISTG) is the domain controller in each site that is responsible for generating the intersite topology. If you want to regenerate the intersite topology, you must determine the identity of the ISTG role owner in a site. You can use this procedure to view the NTDS Site Settings object properties and determine the ISTG role owner for the site.

        To determine the ISTG role owner for a site

        1. Open Active Directory Sites and Services.

        2. In the console tree, click the site object whose ISTG role owner you want to determine.

        3. In the details pane, right-click the NTDS Site Settings object, and then click Properties. The current role owner appears in the Server box under Inter-Site Topology Generator.

          Question No: 380 – (Topic 4)

          Your network contains an Active Directory forest. The forest contains three domains. All domain controllers have the DNS Server server role installed.

          The forest contains three sites named Site1, Site2, and Site3. Each site contains the users, client computers, and domain controllers of each domain. Site1 contains the first domain controller deployed to the forest.

          The sites connect to each other by using unreliable WAN links.

          The users in Site2 and Site3 report that is takes a long time to log on to their client computer when they use their user principal name (UPN). The users in Site1 do not experience the same issue.

          You need to reduce the amount of time it takes for the Site2 users and the Site3 users to log on to their client computer by using their UPN.

          What should you do?

          1. Configure a global catalog server in Site2 and a global catalog server in Site3.

          2. Reduce the replication interval of the site links.

          3. Move a primary domain controller (PDC) emulator to Site2 and to Site3.

          4. Add additional domain controllers to Site2 and to Site3.

          5. Reduce the cost of the site links.

          6. Enable universal group membership caching in Site2 and in Site3.

            Answer: A

            Reference:

            http://technet.microsoft.com/en-us/library/cc728188.aspx Common Global Catalog Scenarios

            The following events require a global catalog server:

            (…) User logon. In a forest that has more than one domain, two conditions require the global catalog during user authentication:

            1. When a user principal name (UPN) is used at logon and the forest has more than one domain, a global catalog server is required to resolve the name.

              2. (…)

              100% Ensurepass Free Download!
              Download Free Demo:70-640 Demo PDF
              100% Ensurepass Free Guaranteed!
              70-640 Dumps

              EnsurePass ExamCollection Testking
              Lowest Price Guarantee Yes No No
              Up-to-Dated Yes No No
              Real Questions Yes No No
              Explanation Yes No No
              PDF VCE Yes No No
              Free VCE Simulator Yes No No
              Instant Download Yes No No
                       

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com