[Free] 2018(Aug) Ensurepass Microsoft 70-640 Dumps with VCE and PDF 241-250

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 241 – (Topic 3)

Your network contains a domain controller that runs Windows Server 2008 R2. You run the following command on the domain controller:

dsamain.exe -dbpath c:\$SNAP_201006170326_VOLUMEC$\Windows\NTDS\ntds.dit – ldapport 389 -allowNonAdminAccess

The command fails.

You need to ensure that the command completes successfully. How should you modify the command?

  1. Include the path to Dsamain.

  2. Change the value of the -dbpath parameter.

  3. Change the value of the -ldapport parameter.

  4. Remove the allowNonAdminAccess

Answer: C

Reference:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) page 690 Use the AD DS database mounting tool to load the snapshot as an LDAP server. dsamain -dbpath c:\$SNAP_datetime_VOLUMEC$\windows\ntds\ntds.dit -ldapport portnumber

Be sure to use ALL CAPS for the -dbpath value and use any number beyond 40,000 for the

-ldapport value to ensure that you do not conflict with AD DS.

Also note that you can use the minus (-) sign or the slash (/) for the options in the command.

Question No: 242 – (Topic 3)

You have a domain controller that runs the DHCP service.

You need to perform an offline defragmentation of the Active Directory database on the domain controller.

You must achieve this goal without affecting the availability of the DHCP service. What should you do?

  1. Restart the domain controller in Directory Services Restore Mode. Run the Disk Defragmenter utility.

  2. Restart the domain controller in Directory Services Restore Mode. Run the Ntdsutil utility.

  3. Stop the Active Directory Domain Services service. Run the Ntdsutil utility.

  4. Stop the Active Directory Domain Services service. Run the Disk Defragmenter utility.

    Answer: C Explanation:

    We don#39;t need to restart the server to defragment the AD database. We do need to stop AD DS in order to defragment the database.

    Reference:

    http://technet.microsoft.com/en-us/library/cc794920.aspx

    To perform offline defragmentation of the directory database

    1. Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide credentials, if required, and then click Continue.

    2. At the command prompt, type the following command, and then press ENTER: net stop ntds

    3. Type Y to agree to stop additional services, and then press ENTER.

    4. At the command prompt, type ntdsutil, and then press ENTER.

      Question No: 243 – (Topic 3)

      Your network contains an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers.

      You add multiple DNS records to the zone.

      You need to ensure that the records are replicated to all DNS servers. Which tool should you use?

      1. Dnslint

      2. Ldp

      3. Nslookup

      4. Repadmin

Answer: D Explanation:

To make sure that the new DNS records are replicated to all DNS servers we can use the repadmin tool.

Reference:

http://technet.microsoft.com/en-us/library/cc811569.aspx

Forcing Replication Sometimes it becomes necessary to forcefully replicate objects and entire partitions between domain controllers that may or may not have replication agreements.

Force a replication event with all partners The repadmin /syncall command synchronizes a specified domain controller with all replication partners.

Syntax

repadmin /syncall lt;DCgt; [lt;NamingContextgt;] [lt;Flagsgt;] Parameters

lt;DCgt;Specifies the host name of the domain controller to synchronize with all replication partners.

lt;NamingContextgt;Specifies the distinguished name of the directory partition.

lt;Flagsgt; Performs specific actions during the replication.

Question No: 244 – (Topic 3)

Your company uses an application that stores data in an Active Directory Lightweight Directory Services (AD LDS) instance named Instance1.

You attempt to create a snapshot of Instance1 as shown in the exhibit. (Click the Exhibit button.)

Ensurepass 2018 PDF and VCE

You need to ensure that you can take a snapshot of Instance1. What should you do?

  1. At the command prompt, run net start VSS.

  2. At the command prompt, run net start Instance1.

  3. Set the Startup Type for the Instance1 service to Disabled.

  4. Set the Startup Type for the Volume Shadow Copy Service (VSS) to Manual.

Answer: A Explanation:

Hard to find references on this, but the solution can be found by eliminating the rest. Instance1 is running, otherwise you#39;d get a different message at the snaphot: create step. (quot;AD service

must be running in order to perform this operationquot;, on my virtual server.)

Disabling Instance1 makes no sense because you need it, nor is setting the Startup Type for the Volume

Shadow Copy Service (VSS) to Manual.

Question No: 245 – (Topic 3)

You create a Password Settings object (PSO).

You need to apply the PSO to a domain user named User1.

What should you do?

  1. Modify the properties of the PSO.

  2. Modify the account options of the User1 account.

  3. Modify the security settings of the User1 account.

  4. Modify the password policy of the Default Domain Policy Group Policy object (GPO).

    Answer: A

    Reference:

    http://technet.microsoft.com/en-us/library/cc731589.aspx

    To apply PSOs to users or global security groups using the Windows interface

    1. Open Active Directory Users and Computers

    2. On the View menu, ensure that Advanced Features is checked.

    3. In the console tree, click Password Settings Container.

    4. In the details pane, right-click the PSO, and then click Properties.

    5. Click the Attribute Editor tab.

    6. Select the msDS-PsoAppliesTo attribute, and then click Edit.

    7. In the Multi-valued String Editor dialog box, enter the Distinguished Name (also known as DN) of the user or the global security group that you want to apply this PSO to, click Add, and then click OK.

      Question No: 246 – (Topic 3)

      Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. Client computers run either Windows 7 or Windows Vista Service Pack 2 (SP2).

      You need to audit user access to the administrative shares on the client computers. What should you do?

      1. Deploy a logon script that runs Icacls.exe.

      2. Deploy a logon script that runs Auditpol.exe.

      3. From the Default Domain Policy, modify the Advanced Audit Policy Configuration.

      4. From the Default Domain Controllers Policy, modify the Advanced Audit Policy Configuration.

Answer: B

Reference: http://support.microsoft.com/kb/921469

Administrators can use the procedure that is described in this article to deploy a custom audit policy that applies detailed security auditing settings to Windows Vista-based and Windows Server 2008-based computers in a Windows Server 2003 domain or in a Windows 2000 domain.

Use the Auditpol.exe command-line tool to configure the custom audit policy settings that you want.

Question No: 247 – (Topic 3)

Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. Register a service principal name (SPN) for AD RMS.

  2. Register a service connection point (SCP) for AD RMS.

  3. Configure the identity setting of the _DRMSAppPool1 application pool.

  4. Configure the useAppPoolCredentials attribute in the Internet Information Services (IIS) metabase.

Answer: A,D

Reference:

http://technet.microsoft.com/en-us/library/dd759186.aspx

If you plan to use Active Directory Rights Management Services (AD RMS) with Kerberos authentication, you must take additional steps to configure the server running AD RMS after installing the AD RMS server role and provisioning the server. Specifically, you must perform these procedures:

Set the Internet Information Services (IIS) useAppPoolCredentials variable to True Set the Service Principal Names (SPN) value for the AD RMS service account

Question No: 248 – (Topic 3)

Your network contains an Active Directory domain named contoso.com. Contoso.com contains two domain controllers. The domain controllers are configured as shown in the following table.

Ensurepass 2018 PDF and VCE

All client computers have IP addresses in the 10.1.2.1 to 10.1.2.240 range. You need to minimize the number of client authentication requests sent to DC2. What should you do?

  1. Create a new site named Site1. Create a new subnet object that has the 10.1.1.0/24 prefix and assign the subnet to Site1. Move DC1 to Site1.

  2. Create a new site named Site1. Create a new subnet object that has the 10.1.1.1/32 prefix and assign the subnet to Site1. Move DC1 to Site1.

  3. Create a new site named Site1. Create a new subnet object that has the 10.1.1.2/32 prefix and assign the subnet to Site1. Move DC2 to Site1.

  4. Create a new site named Site1. Create a new subnet object that has the 10.1.2.0/24 prefix and assign the subnet to Site1. Move DC2 to Site1.

Answer: C Explanation:

Creating a new site and assigning a subnet of 10.1.1.2 with subnet mask of 255.255.255.255, it means only ONE ip (the DC2 ip) will be included on the site1 subnet coverage. Therefore all the request will be processed from the DC1 in the default-first-site and dc2 will authenticate only itself.

Question No: 249 – (Topic 3)

Your network contains an Active Directory domain controller named DC1. DC1 runs Windows Server 2008 R2.

You need to defragment the Active Directory database on DC1. The solution must minimize downtime on DC1.

What should you do first?

  1. At the command prompt, run net stop ntds.

  2. At the command prompt, run net stop netlogon.

  3. Restart DC1 in Safe Mode.

  4. Restart DC1 in Directory Services Restore Mode (DSRM).

    Answer: A Explanation:

    We don#39;t need to restart the server to defragment the AD database. We only need to stop AD DS in order to defragment the database, using ntdsutil.

    Reference:

    http://technet.microsoft.com/en-us/library/cc794920.aspx

    To perform offline defragmentation of the directory database

    1. Open a Command Prompt as an administrator.

    2. At the command prompt, type the following command, and then press ENTER: net stop ntds

    3. Type Y to agree to stop additional services, and then press ENTER.

    4. At the command prompt, type ntdsutil, and then press ENTER.

      Question No: 250 – (Topic 3)

      Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the Active Directory Federation Services (AD FS) role installed.

      You have an application named App1 that is configured to use Server1 for AD FS authentication.

      You deploy a new server named Server2. Server2 is configured as an AD FS 2.0 server. You need to ensure that App1 can use Server2 for authentication.

      What should you do on Server2?

      1. Add an attribute store.

      2. Create a relying party trust.

      3. Create a claims provider trust.

      4. Create a relaying provider trust.

Answer: B Explanation:

http://technet.microsoft.com/en-us/library/dd807132(v=ws.10).aspx Create a Relying Party Trust Using Federation Metadata http://pipe2text.com/?page_id=815

Setting up a Relying Party Trust in ADFS 2.0 http://blogs.msdn.com/b/card/archive/2010/06/25/using-federation-metadata-to-establish-a- relying-party-trustin-ad-fs-2-0.aspx

Using Federation Metadata to establish a Relying Party Trust in AD FS 2.0

100% Ensurepass Free Download!
70-640 PDF
100% Ensurepass Free Guaranteed!
70-640 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com