[Free] 2018(June) Ensurepass Microsoft 70-640 Dumps with VCE and PDF 291-300

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 291 – (Topic 3)

You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers.

You need to monitor the replication of the group policy template files. Which tool should you use?

  1. Dfsrdiag

  2. Fsutil

  3. Ntdsutil

  4. Ntfrsutl

Answer: A Explanation:

With domain functional level 2008 you have available dfs-r sysvol replication. So with DFL2008 you can use the DFSRDIAG tool. It is not available with domain functional level 2003.

With domain functional level 2003 you can only use Ntfrsutl.

Question No: 292 – (Topic 3)

Your network contains an Active Directory domain.

You need to restore a deleted computer account from the Active Directory Recycle Bin. What should you do?

  1. From the command prompt, run recover.exe.

  2. From the command prompt, run ntdsutil.exe.

  3. From the Active Directory Module for Windows PowerShell, run the Restore-Computer cmdlet.

  4. From the Active Directory Module for Windows PowerShell, run the Restore-ADObject

    cmdlet.

    Answer: D Explanation:

    http://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx Step 2: Restore a Deleted Active Directory Object

    Applies To: Windows Server 2008 R2

    This step provides instructions for completing the following tasks with Active Directory Recycle Bin:

    Displaying the Deleted Objects container

    Restoring a deleted Active Directory object using Ldp.exe

    Restoring a deleted Active Directory object using the Get-ADObject and Restore-ADObject cmdlets

    Restoring multiple, deleted Active Directory objects

    To restore a single, deleted Active Directory object using the Get-ADObject and Restore- ADObject cmdlets

    1. Click Start, click Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.

    2. At the Active Directory module for Windows PowerShell command prompt, type the following command, and then press ENTER:

      Get-ADObject -Filter {String} -IncludeDeletedObjects | Restore-ADObject

      For example, if you want to restore an accidentally deleted user object with the display name Mary, type the following command, and then press ENTER:

      Get-ADObject -Filter {displayName -eq quot;Maryquot;} -IncludeDeletedObjects | Restore-ADObject http://blogs.msdn.com/b/dsadsi/archive/2009/08/26/restoring-object-from-the-active- directory-recycle-binusing-ad-powershell.aspx

      Restoring object from the Active Directory Recycle Bin using AD Powershell

      Question No: 293 – (Topic 3)

      Your network contains a single Active Directory domain. A domain controller named DC2 fails.

      You need to remove DC2 from Active Directory.

      Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

      1. At the command prompt, run dcdiag.exe /fix.

      2. At the command prompt, run netdom.exe remove dc2.

      3. From Active Directory Sites and Services, delete DC2.

      4. From Active Directory Users and Computers, delete DC2.

        Answer: C,D

        Reference:

        http://technet.microsoft.com/en-us/library/cc816907.aspx Clean Up Server Metadata

        Metadata cleanup is a required procedure after a forced removal of Active Directory Domain Services (AD DS).

        You perform metadata cleanup on a domain controller in the domain of the domain controller that you forcibly removed. Metadata cleanup removes data from AD DS that identifies a domain controller to the replication system.

        Clean up server metadata by using GUI tools

        Clean up server metadata by using Active Directory Users and Computers

        1. Open Active Directory Users and Computers: On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers.

        2. Expand the domain of the domain controller that was forcibly removed, and then click Domain Controllers.

        3. In the details pane, right-click the computer object of the domain controller whose metadata you want to clean up, and then click Delete.

Clean up server metadata by using Active Directory Sites and Services

  1. Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services

  2. Expand the site of the domain controller that was forcibly removed, expand Servers, expand the name of the domain controller, right-click the NTDS Settings object, and then click Delete.

    Question No: 294 – (Topic 3)

    Your network contains an Active Directory domain. The domain contains two sites named

    Site1 and Site2. Site 1 contains five domain controllers. Site2 contains one read-only domain controller (RODC). Site1 and Site2 connect to each other by using a slow WAN link.

    You discover that the cached password for a user named User1 is compromised on the RODC.

    On a domain controller in Site1, you change the password for User1.

    You need to replicate the new password for User1 to the RODC immediately. The solution must not replicate other objects to the RODC.

    Which tool should you use?

    1. Active Directory Sites and Services

    2. Active Directory Users and Computers

    3. Repadmin

    4. Replmon

Answer: C

Reference:

http://technet.microsoft.com/en-us/library/cc742095.aspx Repadmin /rodcpwdrepl

Triggers replication of passwords for the specified users from a writable Windows Server 2008 source domain controller to one or more read-only domain controllers (RODCs).

Example:

The following example triggers replication of the passwords for the user account named JaneOh from the source domain controller named source-dc01 to all RODCs that have the name prefix dest-rodc:

repadmin /rodcpwdrepl dest-rodc* source-dc01 cn=JaneOh,ou=execs,dc=contoso,dc=com

Question No: 295 – (Topic 3)

You install a standalone root certification authority (CA) on a server named Server1.

You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer#39;s Trusted Root Certification Authorities store.

Which command should you run on Server1?

  1. certreq.exe and specify the -accept parameter

  2. certreq.exe and specify the -retrieve parameter

  3. certutil.exe and specify the -dspublish parameter

  4. certutil.exe and specify the -importcert parameter

Answer: C

Reference:

http://technet.microsoft.com/en-us/library/cc732443.aspx

Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, back up and restore CA components, and verify certificates, key pairs, and certificate chains.

Syntax

Certutil lt;-parametergt; [-parameter] Parameter

-dsPublish

Publish a certificate or certificate revocation list (CRL) to Active Directory

Question No: 296 – (Topic 3)

You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template.

You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. In a Group Policy object (GPO), configure the autoenrollment settings.

  2. In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.

  3. On the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.

  4. On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.

Answer: A,D

Reference:

http://technet.microsoft.com/en-us/library/dd379539.aspx

To automatically enroll client computers for certificates in a domain environment, you must: Configure an autoenrollment policy for the domain.

(…)

In Configuration Model, select Enabled to enable autoenrollment. Configure certificate templates for autoenrollment.

(…)

In the Permissions for Authenticated Users list, select Read, Enroll, and Autoenroll in the Allow column, and then click OK and Close to finish

Configure an enterprise CA.

Question No: 297 – (Topic 3)

Your network contains an Active Directory domain named contoso.com.

You need to audit changes to a service account. The solution must ensure that the audit logs contain the before and after values of all the changes.

Which security policy setting should you configure?

  1. Audit Sensitive Privilege Use

  2. Audit User Account Management

  3. Audit Directory Service Changes

  4. Audit Other Account Management Events

Answer: C Explanation:

Reference 1:

http://technet.microsoft.com/en-us/library/dd772641.aspx

Audit Directory Service Changes

This security policy setting determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (AD DS). Reference 2:

http://technet.microsoft.com/en-us/library/cc731607.aspx AD DS Auditing Step-by-Step Guide

This guide includes a description of the new Active Directory庐 Domain Services (AD DS) auditing feature in Windows Server庐 2008. With the new auditing feature, you can log events that show old and new values; for example, you can show that Joe#39;s favorite drink changed from single latte to triple-shot latte.

Question No: 298 – (Topic 3)

Your network contains an Active Directory forest. The forest contains an Active Directory site for a remote office. The remote site contains a read-only domain controller (RODC).

You need to configure the RODC to store only the passwords of users in the remote site. What should you do?

  1. Create a Password Settings object (PSO).

  2. Modify the Partial-Attribute-Set attribute of the forest.

  3. Add the user accounts of the remote site users to the Allowed RODC Password Replication Group.

  4. Add the user accounts of users who are not in the remote site to the Denied RODC Password Replication Group.

Answer: C

Reference:

http://technet.microsoft.com/en-us/library/cc730883.aspx Password Replication Policy Allowed and Denied lists

Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password

Replication Group.

These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added to the msDS-RevealOnDemandGroup and msDSNeverRevealGroup

Active Directory attributes mentioned earlier.

Question No: 299 – (Topic 3)

Your network contains two Active Directory forests named contoso.com and nwtraders.com. Active Directory Rights Management Services (AD RMS) is deployed in each forest.

You need to ensure that users from the nwtraders.com forest can access AD RMS protected content in the contoso.com forest.

What should you do?

  1. Add a trusted user domain to the AD RMS cluster in the nwtraders.com domain.

  2. Create an external trust from nwtraders.com to contoso.com.

  3. Add a trusted user domain to the AD RMS cluster in the contoso.com domain.

  4. Create an external trust from contoso.com to nwtraders.com.

Answer: C

Reference:

http://technet.microsoft.com/en-us/library/hh311036.aspx Using AD RMS trust

It is not necessary to create trust or federation relationships between the Active Directory forests of organizations to be able to share rights-protected information between separate organizations. AD RMS provides two types of trust relationships that provide this kind of rights-protected information exchange. A trusted user domain (TUD) allows the AD RMS root cluster to process requests for client licensor certificates or use licenses from users

whose rights account certificates (RACs) were issued by a different AD RMS root cluster. You add a trusted user domain by importing the server licensor certificate of the AD RMS cluster to trust.

Question No: 300 – (Topic 3)

Your network contains an Active Directory domain. The domain contains four domain controllers.

You modify the Active Directory schema.

You need to verify that all the domain controllers received the schema modification. Which command should you run?

  1. dcdiag.exe /a

  2. netdom.exe query fsmo

  3. repadmin.exe /showrepl *

  4. sc.exe query ntds

Answer: C Explanation:

http://blogs.technet.com/b/askds/archive/2009/07/01/getting-over-replmon.aspx Getting Over Replmon

Status Checking Replmon had the option to generate a status report text file. It could tell you which servers were configured to replicate with each other, if they had any errors, and so on. It was pretty useful actually, and one of the main reasons people liked the tool.

Repadmin.exe offers similar functionality within a few of its command line options. For example, we can get a summary report:

Repadmin /replsummary *

Ensurepass 2018 PDF and VCE

C:\Documents and Settings\usernwz1\Desktop\1.PNG

Several DCs have been taken offline. Repadmin shows the correct error of 58 – that the other DCs are not available and cannot tell you their status.

You can also use more verbose commands with Repadmin to see details about which DCs are or are not replicating:

Repadmin /showrepl *

Ensurepass 2018 PDF and VCE

C:\Documents and Settings\usernwz1\Desktop\1.PNG

Topic 4, Volume D

100% Ensurepass Free Download!
Download Free Demo:70-640 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2018 EnsurePass 70-640 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.