[Free] 2018(Aug) Ensurepass Microsoft 70-640 Dumps with VCE and PDF 331-340

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 331 – (Topic 4)

Your network contains an Active Directory domain. The domain contains an organizational unit (OU) named OU1. OU1 contains all managed service accounts in the domain.

You need to prevent the managed service accounts from being deleted accidentally from OU1.

Which cmdlet should you use?

  1. Set-ADUser

  2. Set-ADOrganizationalUnit

  3. Set-ADServiceAccount

  4. Set-ADObject

Answer: D Explanation:

You can use Set-ADOrganizationalUnit and the -ProtectedFromAccidentalDeletion $true parameter to prevent OU1 from being deleted accidentally, but you would still be able to delete the accounts inside it. Use Set-ADObject to protect the accounts.

Reference:

http://technet.microsoft.com/en-us/library/hh852326.aspx Set-ADObject Modifies an Active Directory object.

Parameter

-ProtectedFromAccidentalDeletion lt;Booleangt;Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. Possible values for this parameter include:

$false or 0

$true or 1

The following example shows how to set this parameter to true.

-ProtectedFromAccidentalDeletion $true

Question No: 332 DRAG DROP – (Topic 4)

Your company plans to open a new branch office.

The new office will have a low-speed connection to the Internet.

You plan to deploy a read-only domain controller (RODC) in the branch office.

You need to create an offline copy of the Active Directory database that can be used to install the Active Directory on the new RODC.

Which commands should you run from Ntdsutil?

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Question No: 333 – (Topic 4)

A domain controller named DC4 runs Windows Server 2008 R2. DC4 is configured as a DNS server for fabrikam.com.

You install the DNS Server server role on a member server named DNS1 and then you create a standard secondary zone for fabrikam.com. You configure DC4 as the master server for the zone.

You need to ensure that DNS1 receives zone updates from DC4. What should you do?

  1. Add the DNS1 computer account to the DNSUpdateProxy group.

  2. On DC4, modify the permissions offabrikam.com zone.

  3. On DNS1, add a conditional forwarder.

  4. On DC4, modify the zone transfer settings for the fabrikam.com zone.

    Answer: D

    Reference:

    http://technet.microsoft.com/en-us/library/cc771652.aspx Modify Zone Transfer Settings

    You can use the following procedure to control whether a zone will be transferred to other servers and which servers can receive the zone transfer.

    To modify zone transfer settings using the Windows interface

    1. Open DNS Manager.

    2. Right-click a DNS zone, and then click Properties.

    3. On the Zone Transfers tab, do one of the following:

      To disable zone transfers, clear the Allow zone transfers check box. To allow zone transfers, select the Allow zone transfers check box.

    4. If you allowed zone transfers, do one of the following: To allow zone transfers to any server, click To any server.

      To allow zone transfers only to the DNS servers that are listed on the Name Servers tab, click Only to servers listed on the Name Servers tab.

      To allow zone transfers only to specific DNS servers, click Only to the following servers, and then add the IP address of one or more DNS servers.

      Question No: 334 – (Topic 4)

      Your network contains an Active Directory domain named litwareinc.com. The domain contains two sites named Sitel and Site2. Site2 contains a read-only domain controller (RODC).

      You need to identify which user accounts attempted to authenticate to the RODC. Which tool should you use?

      1. Active Directory Users and Computers

      2. Ntdsutil

      3. Get-ADAccountResultantPasswordReplicationPolicy

      4. Adtest

Answer: A Explanation:

Original answer was C (quot;Get-ADAccountResultantPasswordReplicationPolicyquot;). Ntdsutil cannot be used for this.

http://technet.microsoft.com/en-us/library/cc753343.aspx

Get-ADAccountResultantPasswordReplicationPolicy is used to get the members of the allowed list or denied list of a read-only domain controller#39;s password replication policy. Get-

ADDomainControllerPasswordReplicationPolicyUsage could be used, but is not listed. http://technet.microsoft.com/en-us/library/ee617207.aspx

Adtest is used for perfomance testing. Reference 1:

http://technet.microsoft.com/en-us/library/cc755310.aspx

Review whose accounts have been authenticated to an RODC

Periodically, you should review whose accounts have been authenticated to an RODC. (…) You can use Active Directory Users and Computers or repadmin /prp to review whose

accounts have been authenticated to an RODC. Reference 2:

http://technet.microsoft.com/en-us/library/83a6daba-cdde-4606-97a3- ebb9d7fa6bf(v=ws.10)#BKMK_Auth2

Gives a step by step explanation on using Active Directory Users and Computers.

Old explanation:

Get-ADDomainControllerPasswordReplicationPolicyUsage o get accounts that are authenticated by the RODC, use the AuthenticatedAccounts parameter. To get the accounts that have passwords stored on the RODC, use the RevealedAccounts parameter. http://technet.microsoft.com/en-us/library/ee617194.aspx

Question No: 335 – (Topic 4)

Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link.Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.

The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone.

You install a new domain controller named DC2 in the branch office. You install DNS on DC2.

You need to ensure that the DNS service can update records and resolve DNS queries in the event that aWAN link fails.

What should you do?

  1. Create a new secondary zone named ad.contoso.com on DC2.

  2. Create a new stub zone named ad.contoso.com on DC2.

  3. Configure the DNS server on DC2 to forward requests to DC1.

  4. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.

Answer: D Explanation:

Three answers don#39;t make sense, leaving us with the one that works. Create a new secondary zone named ad.contoso.com on DC2.

This would create a read-only zone, so it couldn#39;t be updated Create a new stub zone named ad.contoso.com on DC2.

This stub zone would contain source information about authoritative name servers for its zone only, being DC1, but that one would be unavailable in the WAN link fails.

Configure the DNS server on DC2 to forward requests to DC1. This doesn#39;t help if the WAN link fails and DC1 is unavailable.

Question No: 336 – (Topic 4)

You have a client computer named Computer1 that runs Windows 7. On Computer1, you configure a source-initiated subscription.

You configure the subscription to retrieve all events from the Windows logs of a domain controller named DC1.

The subscription is configured to use the HTTP protocol.

You discover that events from the Security log of DC1 are not collected on Computer1. Events from the

Application log of DC1 and the System log of DC1 are collected on Computer1.

You need to ensure that events from the Security log of DC1 are collected on Computer1. What should you do?

  1. Add the computer account of Computer1 to the Event Log Readers group on the domain controller.

  2. Add the Network Service security principal to the Event Log Readers group on the domain.

  3. Configure the subscription to use custom Event Delivery Optimization settings.

  4. Configure the subscription to use the HTTPS protocol.

    Answer: B

    Explanation:

    Reference 1:

    http://blogs.technet.com/b/askds/archive/2011/08/29/the-security-log-haystack-event- forwarding-and-you.aspx

    Preparing Windows Server 2008 and Windows Server 2008 R2

    You have to prepare your Windows Server 2008/2008 R2 machines for collection of security events. To do this, simply add the Network Service account to the Built-in Event Log Readers group.

    Reference 2:

    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/8434ffb3-1621- 4bc5-8311-66d88b215886/

    How to collect security logs using event forwarding?

    For Windows Vista, Windows Server 2008 and later version of clients, please follow the steps below to configure it.

    1. Click start-gt;run, type CompMgmt.msc to open Computer Management Console.

    2. Under Local Users and Groups, click Groups-gt;Event Log Readers to open Event Log Readers Properties.

    3. Click Add, then click Location button, select your computer and click OK.

    4. Click Object Types button, check the checkbox of Build-in security principals and click OK.

    5. Add “Network Service”build-in account to Event Log Readers group.

    6. Reboot the client computer.

      After these steps have been taken, you will see the security event logs in the Forwarded Events on your event collector.

      Question No: 337 – (Topic 4)

      You create a user account template for the marketing department.

      When you copy the user account template, you discover that the Web page attribute is not copied.

      You need to preserve the Web page attribute when you copy the user account template. What should you do?

      1. From Active Directory Administrative Center, modify the value of the wWWHomePage attribute for the user account template.

      2. From the Active Directory Schema snap-in, modify the properties of the user class.

      3. From Active Directory Users and Computers, modify the value of the wWWHomePage attribute for the user account template.

      4. From ADSI Edit, modify the properties of the wWWHomePage attribute.

Answer: B

Reference:

http://technet.microsoft.com/en-us/library/cc771231.aspx

You can modify which default attributes are carried over to a newly copied user or specify additional attributes that will be copied to the new user. To do this, open the Active Directory Schema snap-in, view the desired attribute properties, and select (or clear) the Attribute is copied when duplicating user check box. You can modify or add only the attributes that are instances of the user class.

Question No: 338 – (Topic 4)

Your network contains an Active Directory forest named adatum.com. The DNS infrastructure fails.

You rebuild the DNS infrastructure.

You need to force the registration of the Active Directory Service Locator (SRV) records in DNS.

Which service should you restart on the domain controllers?

  1. Netlogon

  2. DNS Server

  3. Network Location Awareness

  4. Network Store Interface Service

  5. Online Responder Service

Answer: A

Reference:

MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT

Certification, 2010) page 62

The SRV resource records for a domain controller are important in enabling clients to locate the domain controller. The Netlogon service on domain controllers registers this resource record whenever a domain controller is restarted. You can also re-register a domain controller’s SRV resource records by restarting this service from the Services branch of Server Manager or by typing net start netlogon. An exam question might ask you how to troubleshoot the nonregistration of SRV resource records.

Question No: 339 – (Topic 4)

Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise.

You enable key archival on the CA. The CA is configured to use custom certificate templates for Encrypted File System (EFS) certificates.

You need to archive the private key for all new EFS certificates. Which snap-in should you use?

  1. Active Directory Users and Computers

  2. Authorization Manager

  3. Group Policy Management

  4. Enterprise PKI

  5. Security Templates

  6. TPM Management

  7. Certificates

  8. Certification Authority

  9. Certificate Templates

Answer: I

Reference:

http://technet.microsoft.com/en-us/library/cc753826.aspx Configure a Certificate Template for Key Archival

The key archival process takes place when a certificate is issued. Therefore, a certificate template must be modified to archive keys before any certificates are issued based on this

template.

Key archival is strongly recommended for use with the Basic Encrypting File System (EFS) certificate template in order to protect users from data loss, but it can also be useful when applied to other types of certificates.

To configure a certificate template for key archival and recovery

  1. Open the Certificate Templates snap-in.

  2. In the details pane, right-click the certificate template that you want to change, and then click Duplicate Template.

  3. In the Duplicate Template dialog box, click Windows Server 2003 Enterprise unless all of your certification authorities (CAs) and client computers are running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

  4. In Template, type a new template display name, and then modify any other optional properties as needed.

  5. On the Security tab, click Add, type the name of the users or groups you want to issue the certificates to, and then click OK.

  6. Under Group or user names, select the user or group names that you just added. Under Permissions, select the Read and Enroll check boxes, and if you want to automatically issue the certificate, also select the Autoenroll check box.

  7. On the Request Handling tab, select the Archive subject#39;s encryption private key check box.

    Original explanation: http://technet.microsoft.com/en-us/library/cc730721 Original explanation: http://technet.microsoft.com/en-us/library/cc730721

    Question No: 340 – (Topic 4)

    Your network contains an Active Directory domain named contoso.com. Contoso.com contains two sites named Site1 and Site2. Site1 contains a domain controller named DC1.

    In Site1, you install a new domain controller named DC2. You ship DC2 to Site2.

    You discover that certain users in Site2 authenticate to DC1.

    You need to ensure that the users in Site2 always attempt to authenticate to DC2 first. What should you do?

    1. From Active Directory Users and Computers, modify the Location settings of the DC2 computer object.

    2. From Active Directory Sites and Services, modify the Location attribute for Site2.

    3. From Active Directory Sites and Services, move the DC2 server object.

    4. From Active Directory Users and Computers, move the DC2 computer object.

      Answer: C Explanation:

      DC2 may be shipped to Site2, but it#39;s not yet associated properly with Site2 in Active Directory.

      Reference1:

      http://technet.microsoft.com/en-us/library/cc816674.aspx To move a server object to a new site

      1. Open Active Directory Sites and Services.

      2. In the console tree, expand Sites and the site in which the server object resides.

      3. Expand Servers to display the domain controllers that are currently configured for that site.

      4. Right-click the server object that you want to move, and then click Move.

      5. In Site Name, click the destination site, and then click OK.

      6. Expand the site object to which you moved the server, and then expand the Servers container.

      7. Verify that an object for the server that you moved exists.

      8. Expand the server object, and verify that an NTDS Settings object exists. Reference2:

        http://technet.microsoft.com/en-us/library/cc754697.aspx Using sites

        Sites help facilitate several activities, including: (…)

        Authentication. Site information helps make authentication faster and more efficient. When a client logs on to a domain, it first requests a domain controller in its local site for authentication. By establishing sites, you can ensure that clients use domain controllers that are nearest to them for authentication, which reduces authentication latency and traffic on wide area network (WAN) connections.

        100% Ensurepass Free Download!
        70-640 PDF
        100% Ensurepass Free Guaranteed!
        70-640 Dumps

        EnsurePass ExamCollection Testking
        Lowest Price Guarantee Yes No No
        Up-to-Dated Yes No No
        Real Questions Yes No No
        Explanation Yes No No
        PDF VCE Yes No No
        Free VCE Simulator Yes No No
        Instant Download Yes No No

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com