[Free] 2018(Aug) Ensurepass Microsoft 70-640 Dumps with VCE and PDF 261-270


Windows Server 2008 Active Directory, Configuring

Question No: 261 – (Topic 3)

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. Client computers run either Windows XP Service Pack 3 (SP3) or Windows Vista.

You need to ensure that all client computers can apply Group Policy preferences. What should you do?

A. Upgrade all Windows XP client computers to Windows 7.

B. Create a central store that contains the Group Policy ADMX files.

C. Install the Group Policy client-side extensions (CSEs) on all client computers.

D. Upgrade all Windows Vista client computers to Windows Vista Service Pack 2 (SP2).

Answer: C

Explanation:

http://www.microsoft.com/en-us/download/details.aspx?id=3628

Group Policy Preference Client Side Extensions for Windows XP (KB943729)

Multiple Group Policy Preferences have been added to the Windows Server 2008 Group Policy Management Console (which are also available through the Remote Server Administration Toolset (RSAT) for Windows Vista SP1). Group Policy Preferences enable information technology professionals to configure, deploy, and manage operating system and application settings they previously were not able to manage using Group Policy. After you install this update, your computer will be able to process the new Group Policy Preference extensions.

http://www.petenetlive.com/KB/Article/0000389.htm

Server 2008 Group Policy Preferences and Client Side Extensions

Problem

Group Policy Preferences (GPP) first came in with Server 2008 and were enhanced for Server 2008 R2. To be able to apply them to older Windows clients, you need to install the "Client Side Extensions" (CSE). You can either script this, deploy with a group policy, or, if you have WSUS, you can send out the update that way.

Solution

You may not have noticed, but if you edit or create a group policy in Server 2008 now, you will see there is a "Preferences" branch. Most IT Pros will have seen the addition of the "Policies" folder some time ago because it adds an extra level to get to the policies that were there before 🙂

OK Cool! What can you do with them?

1. Computer Preferences: Windows Settings

   - Environment: Lets you control, and send out Environment variables via Group Policy.
   - Files: Allows you to copy, modify the attributes, replace or delete a file (for folders see the next section).
   - Folder: As above, but for folders.
   - Ini Files: Allows you to Create, Replace, Update or Delete an ini file.
   - Registry: Allows you to Create, Replace, Update or Delete a Registry value. You can either manually type in the reference, use a Wizard, or extract the key(s) values you want to send them out via group policy.
   - Network Shares: Allow you to Create, Replace, Update, or Delete shares on clients via group policy.
   - Shortcuts: Allows you to Create, Replace, Update, or Delete shortcuts on clients via group policy.

2. Computer Preferences: Control Panel Settings

   - Data Sources: Allows you to Create, Replace, Update, or Delete Data Sources and ODBC settings via group policy. (Note: there's a bug if you're using SQL authentication, see here).
   - Devices: Lets you enable and disable hardware devices by type and class; to be honest it's a little "clunky".
   - Folder Options: Allows you to set "File Associations" and set the default programs that will open particular file extensions.
   - Local Users and Groups: Lets you Create, Replace, Update, or Delete either local users OR local groups. Handy if you want to create an additional admin account, or reset all the local administrators' passwords via group policy.
   - Network Options: Lets you send out VPN and dial-up connection settings to your clients, handy if you use PPTP Windows Server VPNs.
   - Power Options: With XP these are Power Options and Power Schemes; with Vista and later OSs they are Power Plans. This is much needed, I've seen many "Is there a group policy for power options?" or disabling hibernation questions in forums. And you can use the Options tab to target particular machine types (i.e. only apply if there is a battery present).
   - Printers: Lets you install printers (local or TCP/IP), handy if you want all the machines in accounts to have the accounts printer.
   - Scheduled Tasks: Lets you create a scheduled task or an immediate task (Vista or later), this could be handy to deploy a patch or some virus/malware removal process.
   - Service: Essentially anything you can do in the services snap-in you can push out through group policy: set services to disabled or change the logon credentials used for a service. In addition you can set the recovery option should a service fail.

3. User Configuration: Windows Settings

   - Applications: Answers on a Postcard? I can't work out what these are for!
   - Drive Mappings: Traditionally done by login script or from the user object, but use this and you can assign mapped drives on a user/group basis.
   - Environment: As above, lets you control and send out Environment variables via Group Policy, but on a user basis.
   - Files: As above, allows you to copy, modify the attributes, replace or delete a file (for folders see the next section), but on a user basis.
   - Folders: As above, but for folders on a user by user basis.
   - Ini Files: As above, allows you to Create, Replace, Update or Delete an ini file, on a user by user basis.
   - Registry: As above, allows you to Create, Replace, Update or Delete a Registry value. You can either manually type in the reference, use a Wizard, or extract the key(s) values you want to send out via group policy, this time for users not computers.
   - Shortcuts: As above, allows you to Create, Replace, Update, or Delete shortcuts on clients via group policy for users.

4. User Configuration: Control Panel Settings

   All of the following options are covered above on "Computer Configuration":

   - Data Sources
   - Devices
   - Folder Options
   - Local Users and Groups
   - Network Options
   - Power Options
   - Printers
   - Scheduled Tasks

   The remaining options are:

   - Internet Settings: Using this Group Policy you can specify Internet Explorer settings/options on a user by user basis.
   - Regional Options: Designed so you can change a user's Locale, handy if you have one user who wants an American keyboard.
   - Start Menu: Provides the same functionality as right clicking your task bar > properties > Start Menu > Customise, only set user by user.

References:

http://technet.microsoft.com/en-us/library/dd367850(WS.10).aspx

Group Policy Preferences

Question No: 262 – (Topic 3)

Your network contains an Active Directory domain.

A user named User1 takes a leave of absence for one year.

You need to restrict access to the User1 user account while User1 is away. What should you do?

A. From the Default Domain Policy, modify the account lockout settings.

B. From the Default Domain Controller Policy, modify the account lockout settings.

C. From the properties of the user account, modify the Account options.

D. From the properties of the user account, modify the Session settings.

Answer: C

Explanation:

Account lockout settings deal with logon security, like how many times a wrong password can be entered before an account gets locked out, or after how many minutes a locked out user can try again.

To really restrict access to the User1 account it has to be disabled, by modifying the account options.

Reference:

http://blogs.technet.com/b/msonline/archive/2009/08/17/disabling-and-deleting-user-accounts.aspx

Disabling a user account prevents user access to e-mail and Microsoft SharePoint Online data, but retains the user’s data. Disabling a user account also keeps the user license associated with that account. This is the best option to utilize when a person leaves an organization temporarily.

Question No: 263 – (Topic 3)

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and eu.contoso.com. All domain controllers are DNS servers.

The domain controllers in contoso.com host the zone for contoso.com. The domain controllers in eu.contoso.com host the zone for eu.contoso.com. The DNS zone for contoso.com is configured as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that all domain controllers in the forest host a writable copy of _msdsc.contoso.com.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Create a zone delegation record in the contoso.com zone.

B. Create a zone delegation record in the eu.contoso.com zone.

C. Create an Active Directory-integrated zone for _msdsc.contoso.com.

D. Create a secondary zone named _msdsc.contoso.com in eu.contoso.com.

Answer: A,C

Explanation:

Note that the question speaks of _msdSC, instead of _msdCS. Not sure if it means something, probably a typo.

Question No: 264 – (Topic 3)

Your network contains three Active Directory forests named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3.

You need to configure the forests to meet the following requirements:

- Users in Forest3 must be able to access resources in Forest1.
- Users in Forest1 must be able to access resources in Forest3.
- The number of trusts must be minimized.

What should you do?

A. In Forest2, modify the name suffix routing settings.

B. In Forest1 and Forest3, configure selective authentication.

C. In Forest1 and Forest3, modify the name suffix routing settings.

D. Create a two-way forest trust between Forest1 and Forest3.

E. Create a shortcut trust in Forest1 and a shortcut trust in Forest3.

Answer: D

Reference:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, December 14 2012) page 639:

Forest Trusts (…)

You can specify whether the forest trust is one-way, incoming or outgoing, or two-way. As mentioned earlier, a forest trust is transitive, allowing all domains in a trusting forest to trust all domains in a trusted forest. However, forest trusts are not themselves transitive. For example, if the tailspintoys.com forest trusts the worldwideimporters.com forest, and the worldwideimporters.com forest trusts the northwindtraders.com forest, those two trust relationships do not allow the tailspintoys.com forest to trust the northwindtraders.com forest. If you want those two forests to trust each other, you must create a specific forest trust between them.

Question No: 265 – (Topic 3)

Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has the Active Directory Federation Services (AD FS) Federation Service role service installed.

You plan to deploy AD FS 2.0 on Server2.

You need to export the token-signing certificate from Server1, and then import the certificate to Server2.

Which format should you use to export the certificate?

A. Base-64 encoded X.509 (.cer)

B. Cryptographic Message Syntax Standard PKCS #7 (.p7b)

C. DER encoded binary X.509 (.cer)

D. Personal Information Exchange PKCS #12 (.pfx)

Answer: D

Explanation:

Reference 1:

http://technet.microsoft.com/en-us/library/ff678038.aspx

Checklist: Migrating Settings in the AD FS 1.x Federation Service to AD FS 2.0

If the AD FS 1.x Federation Service has a token-signing certificate that was issued by a trusted certification authority (CA) and you want to reuse it, you will have to export it from AD FS 1.x.

[The site also provides a link to instructions on how to export the token-signing certificate. That link points to the site mentioned in reference 2.]

Reference 2:

http://technet.microsoft.com/en-us/library/cc784075.aspx

Export the private key portion of a token-signing certificate

To export the private key of a token-signing certificate

- Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
- Right-click Federation Service, and then click Properties.
- On the General tab, click View.
- In the Certificate dialog box, click the Details tab.
- On the Details tab, click Copy to File.
- On the Welcome to the Certificate Export Wizard page, click Next.
- On the Export Private Key page, select Yes, export the private key, and then click Next.
- On the Export File Format page, select Personal Information Exchange - PKCS #12 (.PFX), and then click Next.
- (…)

Question No: 266 – (Topic 3)

You have a domain controller named Server1 that runs Windows Server 2008 R2. You need to determine the size of the Active Directory database on Server1.

What should you do?

A. Run the Active Directory Sizer tool.

B. Run the Active Directory Diagnostics data collector set.

C. From Windows Explorer, view the properties of the %systemroot%\ntds\ntds.dit file.

D. From Windows Explorer, view the properties of the %systemroot%\sysvol\domain folder.

Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/cc961761.aspx

Directory Data Store

Active Directory data is stored in the Ntds.dit ESE database file. Two copies of Ntds.dit are present in separate locations on a given domain controller:

- %SystemRoot%\NTDS\Ntds.dit: This file stores the database that is in use on the domain controller. It contains the values for the domain and a replica of the values for the forest (the Configuration container data).
- %SystemRoot%\System32\Ntds.dit: This file is the distribution copy of the default directory that is used when you promote a Windows 2000-based computer to a domain controller. The availability of this file allows you to run the Active Directory Installation Wizard (Dcpromo.exe) without your having to use the Windows 2000 Server operating system CD. During the promotion process, Ntds.dit is copied from the %SystemRoot%\System32 directory into the %SystemRoot%\NTDS directory. Active Directory is then started from this new copy of the file, and replication updates the file from other domain controllers.

Question No: 267 – (Topic 3)

Your network contains an Active Directory domain. The domain contains two Active Directory sites named Site1 and Site2. Site1 contains two domain controllers named DC1 and DC2. Site2 contains two domain controllers named DC3 and DC4. The functional level of the domain is Windows Server 2008 R2. The functional level of the forest is Windows Server 2003. Active Directory replication between Site1 and Site2 occurs from 20:00 to 01:00 every day.

At 07:00, an administrator deletes a user account while he is logged on to DC1.

You need to restore the deleted user account. You want to achieve this goal by using the minimum amount of administrative effort.

What should you do?

A. On DC1, run the Restore-ADObject cmdlet.

B. On DC3, run the Restore-ADObject cmdlet.

C. On DC1, stop Active Directory Domain Services, restore the System State, and then start Active Directory Domain Services.

D. On DC3, stop Active Directory Domain Services, perform an authoritative restore, and then start Active Directory Domain Services.

Answer: D

Explanation:

We cannot use Restore-ADObject, because Restore-ADObject is a part of the Recycle Bin feature, and you can only use Recycle Bin when the forest functional level is set to Windows Server 2008 R2. In the question text it says "The functional level of the forest is Windows Server 2003."

See http://technet.microsoft.com/nl-nl/library/dd379481.aspx

Performing an authoritative restore on DC3 updates the Update Sequence Number (USN) on that DC, which causes it to replicate the restored user account to other DCs.

Reference 1:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) page 692:

An authoritative restore restores data that was lost and updates the Update Sequence Number (USN) for the data to make it authoritative and ensure that it is replicated to all other servers.

Reference 2:

http://technet.microsoft.com/en-us/library/cc755296.aspx

Authoritative restore of AD DS has the following requirements:

You must stop the Active Directory Domain Services service before you run the ntdsutil authoritative restore command and restart the service after the command is complete.

Question No: 268 – (Topic 3)

You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template.

Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment.

You need to ensure that the certificate template is available on the Web enrollment pages. What should you do?

A. Run certutil.exe pulse.

B. Run certutil.exe installcert.

C. Change the certificate template to a Version 2 certificate template.

D. On the certificate template, assign the Autoenroll permission to the users.

Answer: C

Explanation:

Identical to F/Q33.

Reference 1:

http://technet.microsoft.com/en-us/library/cc732517.aspx

Certificate Web enrollment cannot be used with version 3 certificate templates.

Reference 2:

http://blogs.technet.com/b/ad/archive/2008/06/30/2008-web-enrollment-and-version-3-templates.aspx

The reason for this blog post is that one of our customers called after noticing some unexpected behavior when they were trying to use the Server 2008 certificate web enrollment page to request a Version 3 Template based certificate. The problem was that no matter what they did the Version 3 Templates would not appear as certificates which could be requested via the web page. On the other hand, version 1 and 2 templates did appear in the page and requests could be done successfully using those templates.

Question No: 269 – (Topic 3)

You have an enterprise subordinate certification authority (CA).

You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment.

You increase the template key length to 2,048 bits.

You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template.

Which console should you use?

A. Active Directory Administrative Center

B. Certification Authority

C. Certificate Templates

D. Group Policy Management

Answer: C

Reference:

http://technet.microsoft.com/en-us/library/cc771246.aspx

Re-Enroll All Certificate Holders

This procedure is used when a critical change is made to the certificate template and you want all subjects that hold a certificate that is based on this template to re-enroll as quickly as possible. The next time the subject verifies the version of the certificate against the version of the template on the certification authority (CA), the subject will re-enroll.

Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.

To re-enroll all certificate holders

1. Open the Certificate Templates snap-in.

2. Right-click the template that you want to use, and then click Reenroll All Certificate Holders.

Question No: 270 – (Topic 3)

Your company has a main office and a branch office. The network contains an Active Directory domain.

The main office contains a writable domain controller named DC1. The branch office contains a read-only domain controller (RODC) named DC2.

You discover that the password of an administrator named Admin1 is cached on DC2. You need to prevent Admin1's password from being cached on DC2.

What should you do?

A. Modify the NTDS Site Settings.

B. Modify the properties of the domain.

C. Create a Password Setting object (PSO).

D. Modify the properties of DC2's computer account.

Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy(v=ws.10).aspx

Administering the Password Replication Policy

This topic describes the steps for viewing, configuring, and monitoring the Password Replication Policy (PRP) and password caching for read-only domain controllers (RODCs).

Viewing the PRP

You can view the PRP in a graphical user interface (GUI) by using the Active Directory Users and Computers snap-in or in a Command Prompt window by using the Repadmin tool. The following procedures describe how to view the PRP.

To view the PRP using Active Directory Users and Computers

1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start. In Start Search, type dsa.msc, and then press ENTER.

2. Ensure that you are connected to the correct domain. To connect to the appropriate domain, in the details pane, right-click the Active Directory Users and Computers object, and then click Change Domain.

3. Expand Domain Controllers, right-click the RODC account object for which you want to modify the PRP, and then click Properties.

4. Click the Password Replication Policy tab. An example is shown in the following illustration.
