[Free] 2018(June) Ensurepass Microsoft 70-640 Dumps with VCE and PDF 311-320

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 311 – (Topic 4)

Your network contains an Active Directory domain named contoso.com. Contoso.com contains a writable domain controller named DC1 and a read-only domain controller (RODC) named DC2. All domain controllers run Windows Server 2008 R2.

You need to install a new writable domain controller named DC3 in a remote site. The solution must minimize the amount of replication traffic that occurs during the installation of Active Directory Domain Services (AD DS) on DC3.

What should you do first?

  1. Run dcpromo.exe /createdcaccount on DC3.

  2. Run ntdsutil.exe on DC2.

  3. Run dcpromo.exe /adv on DC3.

  4. Run ntdsutil.exe on DC1.

Answer: D Explanation:

We can run dcpromo.exe /adv on DC3 to install a new writable domain controller using the Install From Media (IFM) option. That way there is less replication traffic. But before we can do that we have to create the installation media first. I suspect that#39;s what they mean when they say quot;What should you do first?quot; So first we create the installation media, then we use the installation media to install DC3.

Technet gives us instructions on how to create the installation media. It says:

quot;You can use the Ntdsutil.exe tool to create installation media for additional domain controllers that you are creating in a domain. By using the Install from Media (IFM) option,

you can minimize the replication of directory data over the network. This helps you install additional domain controllers in remote sites more efficiently.quot;

quot;You must use writeable domain controller installation media to install a writeable domain controller. You can create writeable domain controller installation media only on a writeable domain controller.quot;

Since DC2 in answer B is a read-only domain controller, that leaves us with answer D (quot;Run ntdsutil.exe on DC1quot;).

Reference 1:

http://technet.microsoft.com/en-us/library/cc770654.aspx [Used for the information above]

[Some extra info on using IFM to install the DC:] Reference 2:

http://http://technet.microsoft.com/en-us/library/cc732887.aspx dcpromo /adv

Performs an install from media (IFM) operation. Reference 3:

http://http://technet.microsoft.com/en-us/library/cc816722.aspx Installing an Additional Domain Controller by Using IFM

When you install Active Directory Domain Services (AD DS) by using the install from media (IFM) method, you can reduce the replication traffic that is initiated during the installation of an additional domain controller in an Active Directory domain. Reducing the replication traffic reduces the time that is necessary to install the additional domain controller.

Question No: 312 – (Topic 4)

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain and 10 domain controllers. All of the domain controllers run Windows Server 2008 R2 Service Pack 1 (SP1).

The forest contains an application directory partition named dc=app1, dc=contoso,dc=com. A domain controller named DC1 has a copy of the application directory partition.

You need to configure a domain controller named DC2 to receive a copy of dc=app1, dc=contoso,dc=corn.

Which tool should you use?

  1. Active Directory Sites and Services

  2. Dsmod

  3. Dcpromo

  4. Dsmgmt

Answer: C

Reference:

http://technet.microsoft.com/en-us/library/cc732887.aspx

Dcpromo

Installs and removes Active Directory Domain Services (AD DS). Parameter

ApplicationPartitionsToReplicate:quot;quot;

Specifies the application directory partitions that dcpromo will replicate. Use the following format:

quot;partition1quot; quot;partition2quot; quot;partitionNquot;

Use * to replicate all application directory partitions.

Original explanation: Please Check Answer

I don#39;t think this is Dsmod. It is most likely Dcpromo.

Dsmod – Modifies an existing object of a specific type in the directory.

Question No: 313 – (Topic 4)

Your network contains an Active Directory domain named adatum.com. The functional level of the domain is Windows Server 2008. All domain controllers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.

You need to receive a notification when more than 50 Active Directory objects are deleted per second.

What should you do?

  1. Run the Get-ADDomain cmdlet.

  2. Run the dsget.exe command.

  3. Run the ntdsutil.exe command.

  4. Run the ocsetup.exe command.

  5. Run the dsamain.exe command.

  6. Run the eventcreate.exe command.

  7. Create a Data Collector Set (DCS).

  8. Create custom views from Event Viewer.

  9. Configure subscriptions from Event Viewer.

  10. Import the Active Directory module for Windows PowerShell.

    Answer: G

    Reference:

    http://technet.microsoft.com/en-us/magazine/ff458614.aspx

    Configure Windows Server 2008 to Notify you when Certain Events Occur

    You can configure alerts to notify you when certain events occur or when certain performance thresholds are reached. You can send these alerts as network messages and as events that are logged in the application event log. You can also configure alerts to start applications and performance logs.

    To configure an alert, follow these steps:

    1. In Performance Monitor, under the Data Collector Sets node, right-click the User-Defined node in the left pane, point to New, and then choose Data Collector Set.

2. (…)

  1. In the Performance Counters panel, select the first counter, and then use the Alert When Value Is text box to set the occasion when an alert for this counter is triggered. Alerts can be triggered when the counter is above or below a specific value. Select Above or Below, and then set the trigger value. The unit of measurement is whatever makes sense for the currently selected counter or counters. For example, to generate an alert if processor time is over 95 percent, select Over, and then type 95. Repeat this process to configure other counters you’ve selected.

    Question No: 314 – (Topic 4)

    Your network contains an Active Directory domain named contoso.com.

    The Active Directory sites are configured as shown in the Sites exhibit. (Click the Exhibit button.)

    Ensurepass 2018 PDF and VCE

    You need to ensure that DC1 and DC4 are the only servers that replicate Active Directory changes between the sites.

    What should you do?

    1. Configure DC1 as a preferred bridgehead server for IP transport.

    2. Configure DC4 as a preferred bridgehead server for IP transport.

    3. From the DC4 server object, create a Connection object for DC1.

    4. From the DC1 server object, create a Connection object for DC4.

      Answer: A

      Reference:

      MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) pages 193, 194

      Bridgehead Servers

      A bridgehead server is the domain controller designated by each site’s KCC to take control of intersite replication. The bridgehead server receives information replicated from other sites and replicates it to its site’s other domain controllers. It ensures that the greatest portion of replication occurs within sites rather than between them.

      In most cases, the KCC automatically decides which domain controller acts as the bridgehead server.

      However, you can use Active Directory Sites and Services to specify which domain controller will be the preferred bridgehead server by using the following steps:

      1. In Active Directory Sites and Services, expand the site in which you want to specify the preferred bridgehead server.

      2. Expand the Servers folder to locate the desired server, right-click it, and then choose Properties.

      3. From the list labeled Transports available for intersite data transfer, select the protocol(s) for which you want to designate this server as a preferred bridgehead server and then click add.

        Question No: 315 – (Topic 4)

        Your network contains a domain controller that runs Windows Server 2008 R2.

        You need to reset the Directory Services Restore Mode (DSRM) password on the domain controller.

        Which tool should you use?

        1. Ntdsutil

        2. Dsamain

        3. Active Directory Users and Computers

        4. Local Users and Groups

          Answer: A

          Reference:

          http://blogs.technet.com/b/meamcs/archive/2012/05/29/reset-the-dsrm-administrator- password.aspx

          To Reset the DSRM Administrator Password

          1. Click, Start, click Run, type ntdsutil, and then click OK.

          2. At the Ntdsutil command prompt, type set dsrm password.

            Question No: 316 – (Topic 4)

            Your network contains an Active Directory domain named contoso.com.

            You have an organizational unit (OU) named Sales and an OU named Engineering.

            You need to ensure that when users log on to client computers, they are added automatically to the local Administrators group. The users must be removed from the group when they log off of the client computers.

            What should you do?

            1. Modify the Group Policy permissions.

            2. Enable block inheritance.

            3. Configure the link order.

            4. Enable loopback processing in merge mode.

            5. Enable loopback processing in replace mode.

            6. Configure WMI filtering.

            7. Configure Restricted Groups.

            8. Configure Group Policy Preferences.

            9. Link the Group Policy object (GPO) to the Sales OU.

            10. Link the Group Policy object (GPO) to the Engineering OU.

Answer: H

Reference:

http://daniel.streefkerkonline.com/managing-local-admins-using-gpp/

http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local- administrator-groups/

Question No: 317 – (Topic 4)

Your network contains an Active Directory domain named contoso.com. The contoso.com domain contains a domain controller named DC1.

You create an Active Directory-integrated GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2.contoso.com.

When you ping Server1, you discover that the name fails to resolve. You are able to

successfully ping server2.contoso.com.

You need to ensure that you can resolve names by using the GlobalNames zone. Which command should you run?

  1. Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /domain

  2. Dnscmd DCl.contoso.com /config /Enableglobalnamessupport forest

  3. Dnscmd DCl.contoso.com /config /Enableglobalnamessupport 1

  4. Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /forest

Answer: C Explanation:

Support for Globalnames must be enabled, otherwise the DNS Server service does not resolve single-label names in the GlobalNames zone.

Reference:

http://technet.microsoft.com/en-us/library/cc772069.aspx

dnscmd /config Changes values in the registry for the DNS server and individual zones. Accepts server-level settings and zone-level settings.

Parameter

/enableglobalnamessupport {0|1}

Enables or disables support for the GlobalNames zone. The GlobalNames zone supports resolution of singlelabel

DNS names across a forest. 0

Disables support for the GlobalNames zone. When you set the value of this command to 0, the DNS Server service does not resolve single-label names in the GlobalNames zone.

1

Enables support for the GlobalNames zone. When you set the value of this command to 1, the DNS Server service resolves single-label names in the GlobalNames zone.

Question No: 318 – (Topic 4)

Your company has an Active Directory forest. Each regional office has an organizational unit (OU) named Marketing. The Marketing OU contains all users and computers in the region#39;s Marketing department.

You need to install a Microsoft Office 2007 application only on the computers in the Marketing OUs.

You create a GPO named MarketingApps. What should you do next?

  1. Configure the GPO to assign the application to the computer account. Link the GPO to the domain.

  2. Configure the GPO to assign the application to the user account. Link the GPO to each Marketing OU.

  3. Configure the GPO to assign the application to the computer account. Link the GPO to each Marketing OU.

  4. Configure the GPO to publish the application to the user account. Link the GPO to each Marketing OU.

Answer: C Explanation:

We need to assign the software to the computers, and link the GPO to each Marketing OU. We do not link it to the domain, then every computer would have the software.

Reference: http://support.microsoft.com/kb/816102

You can use Group Policy to distribute computer programs by using the following methods:

Assigning Software You can assign a program distribution to users or computers. If you assign the program to a user, it is installed when the user logs on to the computer. When the user first runs the program, the installation is completed. If you assign the program to a computer, it is installed when the computer starts, and it is available to all users who log on to the computer. When a user first runs the program, the installation is completed.

Publishing Software

You can publish a program distribution to users. When the user logs on to the computer, the published program is displayed in the Add or Remove Programs dialog box, and it can be installed from there.

Question No: 319 – (Topic 4)

Your network contains a server named Server1. The Active Directory Rights Management Services (AD RMS) server role is installed on Server1.

An administrator changes the password of the user account that is used by AD RMS. You need to update AD RMS to use the new password.

Which console should you use?

  1. Active Directory Rights Management Services

  2. Active Directory Users and Computers

  3. Local Users and Groups

  4. Services

Answer: A

Reference:

http://social.technet.microsoft.com/wiki/contents/articles/13034.ad-rms-how-to-change-the- rms-serviceaccount-password.aspx

AD RMS How To: Change the RMS Service Account Password

The Active Directory Rights Management Services management console provides a wizard to change or update the AD RMS service account. The most common use for this process is to update the service account password when it has been changed.

It is important to use this process to update or change the AD RMS service account. This ensures the necessary components are updated properly.

Question No: 320 – (Topic 4)

Your network contains an Active Directory forest. The forest schema contains a custom attribute for user objects.

You need to generate a file that contains the last logon time and the custom attribute

values for each user in the forest. What should you use?

  1. the Get-ADUser cmdlet

  2. the Export-CSV cmdlet

  3. the Net User command

  4. the Dsquery User tool

Answer: A Explanation:

Export-CSV cannot perform queries. It is used to save queries that have been piped through.

Net User is too limited for our question. Get-ADUser

References:

https://devcentral.f5.com/weblogs/Joe/archive/2009/01/09/powershell-abcs–o-is-for- output.aspx

http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/8d8649d9- f591-4b44-b838-e0f5f3a591d7

http://kpytko.wordpress.com/2012/07/30/lastlogon-vs-lastlogontimestamp/

Export-Csv Reference:

http://technet.microsoft.com/en-us/library/ee176825.aspx Saving Data as a Comma-Separated Values File

The Export-Csv cmdlet makes it easy to export data as a comma-separated values (CSV) file; all you need to do is call Export-Csv followed by the path to the CSV file. For example, this command uses Get-Process to grab information about all the processes running on the computer, then uses Export-Csv to write that data to a file named C:\Scripts\Test.txt: Get- Process | Export-Csv c:\scripts\test.txt.

Net User

Reference:

http://technet.microsoft.com/en-us/library/cc771865.aspx

Adds or modifies user accounts, or displays user account information.

DSQUERY

Reference 1:

http://technet.microsoft.com/en-us/library/cc754232.aspx

Parameters

{lt;StartNodegt; | forestroot | domainroot}

Specifies the node in the console tree where the search starts. You can specify the forest root (forestroot), domain root (domainroot), or distinguished name of a node as the start node lt;StartNodegt;. If you specify forestroot, AD DS searches by using the global catalog.

-attr {lt;AttributeListgt; | *} Specifies that the semicolon separated LDAP display names included in lt;AttributeListgt; for each entry in the result set. If you specify the value of this parameter as a wildcard character (*), this parameter displays all attributes that are present on the object in the result set. In addition, if you specify a *, this parameter uses the default output format (a list), regardless of whether you specify the -l parameter. The default

lt;AttributeListgt; is a distinguished name. Reference 2:

http://social.technet.microsoft.com/Forums/eu/winserverDS/thread/dda5fcd6-1a10-4d47- 9379-02ca38aaa65b

Give an example of how to find a user with certain attributes using Dsquery. Note that it uses domainroot as the startnode, instead of forestroot what we need.

Reference 3:

http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/c6fc3826-78e1- 48fd-ab6f-690378e0f787/

List all last login times for all users, regardless of whether they are disabled.

dsquery * -filter quot;(amp;(objectCategory=user)(objectClass=user))quot; -limit 0 -attr givenName sn sAMAccountName

lastLogongt;gt;c:\last_logon_for_all.txt

100% Ensurepass Free Download!
Download Free Demo:70-640 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2018 EnsurePass 70-640 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.