[Free] 2018(Aug) Dumps4cert Microsoft 70-640 Dumps with VCE and PDF Download 101-110

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 101 – (Topic 2)

Your network contains a single Active Directory domain that has two sites named Site1 and Site2. Site1 has two domain controllers named DC1 and DC2. Site2 has two domain controllers named DC3 and DC4.

DC3 fails.

You discover that replication no longer occurs between the sites.

You verify the connectivity between DC4 and the domain controllers in Site1. On DC4, you run repadmin.exe /kcc.

Replication between the sites continues to fail.

You need to ensure that Active Directory data replicates between the sites. What should you do?

  1. From Active Directory Sites and Services, modify the properties of DC3.

  2. From Active Directory Sites and Services, modify the NTDS Site Settings of Site2.

  3. From Active Directory Users and Computers, modify the location settings of DC4.

  4. From Active Directory Users and Computers, modify the delegation settings of DC4.

    Answer: A

    Reference:

    MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) pages 193, 194

    Bridgehead Servers

    A bridgehead server is the domain controller designated by each site’s KCC to take control of intersite replication. The bridgehead server receives information replicated from other sites and replicates it to its site’s other domain controllers. It ensures that the greatest portion of replication occurs within sites rather than between them.

    In most cases, the KCC automatically decides which domain controller acts as the bridgehead server.

    However, you can use Active Directory Sites and Services to specify which domain controller will be the preferred bridgehead server by using the following steps:

    1. In Active Directory Sites and Services, expand the site in which you want to specify the preferred bridgehead server.

    2. Expand the Servers folder to locate the desired server, right-click it, and then choose

      Properties.

    3. From the list labeled Transports available for intersite data transfer, select the protocol(s) for which you want to designate this server as a preferred bridgehead server and then click Add.

      Question No: 102 – (Topic 2)

      You have an Active Directory domain named contoso.com.

      You have a domain controller named Server1 that is configured as a DNS server.

      Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in the exhibit. (Click the Exhibit button.)

      Dumps4Cert 2018 PDF and VCE

      You discover that stale resource records are not automatically removed from the contoso.com zone.

      You need to ensure that the stale resource records are automatically removed from the contoso.com zone.

      What should you do?

      1. Set the scavenging period of Server1 to 0 days.

      2. Modify the Server Aging/Scavenging properties.

      3. Configure the aging properties for the contoso.com zone.

      4. Convert the contoso.com zone to an Active Directory-integrated zone.

        Answer: C Explanation:

        Dumps4Cert 2018 PDF and VCE

        C:\Documents and Settings\usernwz1\Desktop\1.PNG

        http://technet.microsoft.com/en-us/library/cc816625(v=ws.10).aspx Set Aging and Scavenging Properties for a Zone

        The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time.

        You can use this procedure to set the aging and scavenging properties for a specific zone using either the DNS Manager snap-in or the dnscmd command-line tool.

        To set aging and scavenging properties for a zone using the Windows interface

        1. Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

        2. In the console tree, right-click the applicable zone, and then click Properties.

        3. On the General tab, click Aging.

        4. Select the Scavenge stale resource records check box.

        5. Modify other aging and scavenging properties as needed.

To set aging and scavenging properties for a zone using a command line

  1. Open a command prompt. To open an elevated Command Prompt window, click Start, point to All

    Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

  2. At the command prompt, type the following command, and then press ENTER:

    dnscmd lt;ServerNamegt; /Config lt;ZoneNamegt; {/Aging lt;Valuegt;|/RefreshInterval lt;Valuegt;|/ NoRefreshInterval lt;Valuegt;}

    Dumps4Cert 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    Question No: 103 – (Topic 2)

    Your company has a main office and five branch offices that are connected by WAN links. The company has an Active Directory domain named contoso.com.

    Each branch office has a member server configured as a DNS server. All branch office DNS servers host a secondary zone for contoso.com.

    You need to configure the contoso.com zone to resolve client queries for at least four days in the event that a WAN link fails.

    What should you do?

    1. Configure the Expires after option for the contoso.com zone to 4 days.

    2. Configure the Retry interval option for the contoso.com zone to 4 days.

    3. Configure the Refresh interval option for the contoso.com zone to 4 days.

    4. Configure the Minimum (default) TTL option for the contoso.com zone to 4 days.

      Answer: A Explanation:

      http://technet.microsoft.com/en-us/library/cc816704(v=ws.10).aspx Adjust the Expire Interval for a Zone

      You can use this procedure to adjust the expire interval for a Domain Name System (DNS) zone. Other DNS servers that are configured to load and host the zone use the expire interval to determine when zone data expires if it is not successfully transferred. By default, the expire interval for each zone is set to one day.

      You can complete this procedure using either the DNS Manager snap-in or the dnscmd command-line tool.

      To adjust the expire interval for a zone using the Windows interface

      1. Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

      2. In the console tree, right-click the applicable zone, and then click Properties.

      3. On the General tab, verify that the zone type is either Primary or Active Directory- integrated.

      4. Click the Start of Authority (SOA) tab.

      5. In Expires after, click a time period in minutes, hours, or days, and then type a number in the text box.

      6. Click OK to save the adjusted interval.

        Question No: 104 – (Topic 2)

        Your company has an Active Directory domain. All consultants belong to a global group named TempWorkers.

        The TempWorkers group is not nested in any other groups.

        You move the computer objects of three file servers to a new organizational unit named SecureServers. These file servers contain only confidential data in shared folders.

        You need to prevent members of the TempWorkers group from accessing the confidential data on the file servers.

        You must achieve this goal without affecting access to other domain resources. What should you do?

        1. Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

        2. Create a new GPO and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

        3. Create a new GPO and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.

        4. Create a new GPO and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group.

Answer: A Explanation: Personal comment:

Basically, you need to create a GPO for the Secure Servers and deny the TempWorkers access to the shared folders (implies access from the network).

quot;Deny log on locallyquot; makes no sense in this instance, because we are reffering to shared folder and supposedly physical access to servers should be highly restricted.

And best practices recommend that you link GPOs at the domain level only for domain wide purposes.

Question No: 105 – (Topic 2)

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and woodgrovebank.com.

You have a custom attribute named Attibute1 in Active Directory. Attribute1 is associated to User objects.

You need to ensure that Attribute1 is replicated to the global catalog. What should you do?

  1. In Active Directory Sites and Services, configure the NTDS Settings.

  2. In Active Directory Sites and Services, configure the universal group membership caching.

  3. From the Active Directory Schema snap-in, modify the properties of the User class schema object.

  4. From the Active Directory Schema snap-in, modify the properties of the Attibute1 class schema attribute.

    Answer: D Explanation:

    http://www.tech-faq.com/the-global-catalog-server.html The Global Catalog Server

    The Global Catalog (GC) is an important component in Active Directory because it serves as the central information store of the Active Directory objects located in domains and forests. Because the GC maintains a list of the Active Directory objects in domains and forests without actually including all information on the objects and it is used when users search for Active Directory objects or for specific attributes of an object, the GC improves network performance and provides maximum accessibility to Active Directory objects.

    How to Include Additional Attributes in the GC

    The number of attributes in the GC affects GC replication. The more attributes the GC servers have to replicate, the more network traffic GC replication creates. Default attributes are included in the GC when Active

    Directory is first deployed. The Active Directory Schema snap-in can be used to add any additional attribute to the GC. Because the snap-in is by default not included in the Administrative Tools Menu, users have to add it to the MMC before it can be used to customize the GC.

    To add the Active Directory Schema snap-in in the MMC:

    1. Click Start, Run, and enter cmd in the Run dialog box. Press Enter.

    2. Enter the following at the command prompt: regsvr32 schmmgmt.dll.

    3. Click OK to acknowledge that the dll was successfully registered.

    4. Click Start, Run, and enter mmc in the Run dialog box.

    5. When the MMC opens, select Add/Remove Snap-in from the File menu.

    6. In the Add/Remove Snap-in dialog box, click Add then add the Active Directory Schema snap-in from the

      Add Standalone Snap-in dialog box.

    7. Close all open dialog boxes.

To include additional attributes in the GC:

  1. Open the Active Directory Schema snap-in.

  2. In the console tree, expand the Attributes container, right-click an attribute, and click Properties from the shortcut menu.

  3. Additional attributes are added on the General tab.

  4. Ensure that the Replicate this attribute to the Global Catalog checkbox is enabled.

  5. Click OK.

    Question No: 106 – (Topic 2)

    You are formulating the backup strategy for Active Directory Lightweight Directory Services (AD LDS) to ensure that data and log files are backed up regularly. This will also ensure the continued availability of data to applications and users in the event of a system failure.

    Because you have limited media resources, you decided to backup only specific ADLDS instance instead of taking backup of the entire volume.

    What should you do to accomplish this task?

    1. Use Windows Server backup utility and enable checkbox to take only backup of database and log files of AD LDS

    2. Use Dsdbutil.exe tool to create installation media that corresponds only to the ADLDS instance

    3. Move AD LDS database and log files on a separate volume and use windows server backup utility

    4. None of the above

Answer: B

Reference:

http://technet.microsoft.com/en-us/library/cc730941.aspx Backing up AD LDS instance data with Dsdbutil.exe

With the Dsdbutil.exe tool, you can create installation media that corresponds only to the AD LDS instance that you want to back up, as opposed to backing up entire volumes that contain the AD LDS instance.

Question No: 107 – (Topic 2)

Company runs Window Server 2008 on all of its servers. It has a single Active Directory domain and it uses Enterprise Certificate Authority. The security policy at ABC.com makes it necessary to examine revoked certificate information.

You need to make sure that the revoked certificate information is available at all times. What should you do to achieve that?

  1. Add and configure a new GPO (Group Policy Object) that enables users to accept peer certificates and link the GPO to the domain.

  2. Configure and use a GPO to publish a list of trusted certificate authorities to the domain

  3. Configure and publish an OCSP (Online certificate status protocol) responder through ISAS (Internet Security and Acceleration Server) array.

  4. Use network load balancing and publish an OCSP responder.

  5. None of the above

Answer: D Explanation:

http://technet.microsoft.com/en-us/library/ee619754(v=ws.10).aspx How Certificate Revocation Works

Question No: 108 – (Topic 2)

Your network contains an Active Directory forest named contoso.com. You plan to add a new domain named nwtraders.com to the forest.

All DNS servers are domain controllers.

You need to ensure that the computers in nwtraders.com can update their Host (A) records on any of the DNS servers in the forest.

What should you do?

  1. Add the computer accounts of all the domain controllers to the DnsAdmins group.

  2. Add the computer accounts of all the domain controllers to the DnsUpdateProxy group.

  3. Create a standard primary zone on a domain controller in the forest root domain.

  4. Create an Active Directory-integrated zone on a domain controller in the forest root domain.

Answer: D

Question No: 109 – (Topic 2)

Your network contains two Active Directory forests named contoso.com and adatum.com. Active Directory Rights Management Services (AD RMS) is deployed in contoso.com. An AD RMS trusted user domain (TUD) exists between contoso.com and adatum.com.

From the AD RMS logs, you discover that some clients that have IP addresses in the adatum.com forest are authenticating as users from contoso.com.

You need to prevent users from impersonating contoso.com users. What should you do?

  1. Configure trusted e-mail domains.

  2. Enable lockbox exclusion in AD RMS.

  3. Create a forest trust between adatum.com and contoso.com.

  4. Add a certificate from a third-party trusted certification authority (CA).

Answer: A Explanation:

http://technet.microsoft.com/en-us/library/cc753930.aspx Add a Trusted User Domain

By default, Active Directory Rights Management Services (AD RMS) does not service requests from users whose rights account certificate (RAC) was issued by a different AD RMS installation. However, you can add user domains to the list of trusted user domains (TUDs), which allows AD RMS to process such requests.

For each trusted user domain (TUD), you can also add and remove specific users or groups of users. In addition, you can remove a TUD; however, you cannot remove the root cluster for this Active Directory forest from the list of TUDs. Every AD RMS server trusts the root cluster in its own forest.

You can add TUDs as follows:

To support external users in general, you can trust Windows Live ID. This allows an AD RMS cluster that is in your company to process licensing requests that include a RAC that was issued by Microsoft’s online RMS service. For more information about trusting Windows Live ID in your organization, see Use Windows Live ID to Establish RACs for Users.

To trust external users from another organization’s AD RMS installation, you can add the organization to the list of TUDs. This allows an AD RMS cluster to process a licensing request that includes a RAC that was issued by an AD RMS server that is in the other organization.

In the same manner, to process licensing requests from users within your own organization who reside in a different Active Directory forest, you can add the AD RMS installation in that forest to the list of TUDs. This allows an AD RMS cluster in the current forest to process a licensing request that includes a RAC that was issued by an AD RMS cluster in the other forest.

For each TUD, you can specify which e-mail domains are trusted. For trusted Windows Live ID sites and services, you can specify which e-mail users or domains are not trusted.

Question No: 110 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. You remove several computers from the network.

You need to ensure that the host (A) records for the removed computers are automatically deleted from the contoso.com DNS zone.

What should you do?

  1. Configure dynamic updates.

  2. Configure aging and scavenging.

  3. Create a scheduled task that runs the Dnscmd /ClearCache command.

  4. Create a scheduled task that runs the Dnscmd /ZoneReload contoso.com command.

    Answer: B Explanation:

    Dumps4Cert 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    http://technet.microsoft.com/en-us/library/cc816625(v=ws.10).aspx Set Aging and Scavenging Properties for a Zone

    The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time.

    You can use this procedure to set the aging and scavenging properties for a specific zone using either the DNS Manager snap-in or the dnscmd command-line tool.

    To set aging and scavenging properties for a zone using the Windows interface

    1. Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

    2. In the console tree, right-click the applicable zone, and then click Properties.

    3. On the General tab, click Aging.

    4. Select the Scavenge stale resource records check box.

    5. Modify other aging and scavenging properties as needed.

To set aging and scavenging properties for a zone using a command line

  1. Open a command prompt. To open an elevated Command Prompt window, click Start, point to All

    Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

  2. At the command prompt, type the following command, and then press ENTER:

    dnscmd lt;ServerNamegt; /Config lt;ZoneNamegt; {/Aging lt;Valuegt;|/RefreshInterval lt;Valuegt;|/ NoRefreshInterval lt;Valuegt;}

    Dumps4Cert 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    100% Dumps4cert Free Download!
    70-640 PDF
    100% Dumps4cert Pass Guaranteed!
    70-640 Dumps

    Dumps4cert ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No


Leave a Reply

Your email address will not be published. Required fields are marked *

  • Categories

  • Tags

  • Hot Exams

  • Hot Exams

  • Hot Catageories

  • microsoft dumps

    62-193 Dumps
    70-243 Dumps
    70-246 Dumps
    70-247 Dumps
    70-331 Dumps
    70-332 Dumps
    70-333 Dumps
    70-334 Dumps
    70-339 Dumps
    70-341 Dumps
    70-342 Dumps
    70-345 Dumps
    70-346 Dumps
    70-347 Dumps
    70-348 Dumps
    70-354 Dumps
    70-355 Dumps
    70-357 Dumps
    70-383 Dumps
    70-384 Dumps
    70-385 Dumps
    70-398 Dumps
    70-410 Dumps
    70-411 Dumps
    70-412 Dumps
    70-413 Dumps
    70-414 Dumps
    70-417 Dumps
    70-461 Dumps
    70-462 Dumps
    70-463 Dumps
    70-464 Dumps
    70-465 Dumps
    70-466 Dumps
    70-467 Dumps
    70-469 Dumps
    70-470 Dumps
    70-473 Dumps
    70-475 Dumps
    70-480 Dumps
    70-481 Dumps
    70-482 Dumps
    70-483 Dumps
    70-484 Dumps
    70-485 Dumps
    70-486 Dumps
    70-487 Dumps
    70-488 Dumps
    70-489 Dumps
    70-490 Dumps
    70-491 Dumps
    70-492 Dumps
    70-494 Dumps
    70-496 Dumps
    70-497 Dumps
    70-498 Dumps
    70-499 Dumps
    70-517 Dumps
    70-532 Dumps
    70-533 Dumps
    70-534 Dumps
    70-535 Dumps
    70-537 Dumps
    70-640 Dumps
    70-642 Dumps
    70-646 Dumps
    70-673 Dumps
    70-680 Dumps
    70-681 Dumps
    70-682 Dumps
    70-684 Dumps
    70-685 Dumps
    70-686 Dumps
    70-687 Dumps
    70-688 Dumps
    70-689 Dumps
    70-692 Dumps
    70-694 Dumps
    70-695 Dumps
    70-696 Dumps
    70-697 Dumps
    70-698 Dumps
    70-703 Dumps
    70-705 Dumps
    70-713 Dumps
    70-734 Dumps
    70-735 Dumps
    70-740 Dumps
    70-741 Dumps
    70-742 Dumps
    70-743 Dumps
    70-744 Dumps
    70-745 Dumps
    70-761 Dumps
    70-762 Dumps
    70-764 Dumps
    70-765 Dumps
    70-767 Dumps
    70-768 Dumps
    70-773 Dumps
    70-774 Dumps
    70-775 Dumps
    70-776 Dumps
    70-778 Dumps
    70-779 Dumps
    70-980 Dumps
    70-981 Dumps
    70-982 Dumps
    74-343 Dumps
    74-344 Dumps
    74-409 Dumps
    74-678 Dumps
    74-697 Dumps
    77-418 Dumps
    77-419 Dumps
    77-420 Dumps
    77-421 Dumps
    77-422 Dumps
    77-423 Dumps
    77-424 Dumps
    77-425 Dumps
    77-426 Dumps
    77-427 Dumps
    77-428 Dumps
    77-600 Dumps
    77-601 Dumps
    77-602 Dumps
    77-603 Dumps
    77-604 Dumps
    77-605 Dumps
    77-725 Dumps
    77-726 Dumps
    77-727 Dumps
    77-728 Dumps
    77-729 Dumps
    77-730 Dumps
    77-731 Dumps
    77-853 Dumps
    77-881 Dumps
    77-882 Dumps
    77-883 Dumps
    77-884 Dumps
    77-885 Dumps
    77-886 Dumps
    77-887 Dumps
    77-888 Dumps
    77-891 Dumps
    98-349 Dumps
    98-361 Dumps
    98-362 Dumps
    98-363 Dumps
    98-364 Dumps
    98-365 Dumps
    98-366 Dumps
    98-367 Dumps
    98-368 Dumps
    98-369 Dumps
    98-372 Dumps
    98-373 Dumps
    98-374 Dumps
    98-375 Dumps
    98-379 Dumps
    98-380 Dumps
    98-381 Dumps
    98-382 Dumps
    98-383 Dumps
    98-388 Dumps
    AZ-100 Dumps
    AZ-101 Dumps
    AZ-102 Dumps
    INF-203x Dumps
    INF-204x Dumps
    INF-205x Dumps
    INF-206x Dumps
    MB2-700 Dumps
    MB2-701 Dumps
    MB2-702 Dumps
    MB2-703 Dumps
    MB2-704 Dumps
    MB2-706 Dumps
    MB2-707 Dumps
    MB2-708 Dumps
    MB2-709 Dumps
    MB2-710 Dumps
    MB2-711 Dumps
    MB2-712 Dumps
    MB2-713 Dumps
    MB2-714 Dumps
    MB2-715 Dumps
    MB2-716 Dumps
    MB2-717 Dumps
    MB2-718 Dumps
    MB2-719 Dumps
    MB2-877 Dumps
    MB5-705 Dumps
    MB6-700 Dumps
    MB6-701 Dumps
    MB6-702 Dumps
    MB6-703 Dumps
    MB6-704 Dumps
    MB6-705 Dumps
    MB6-884 Dumps
    MB6-885 Dumps
    MB6-886 Dumps
    MB6-889 Dumps
    MB6-890 Dumps
    MB6-892 Dumps
    MB6-893 Dumps
    MB6-894 Dumps
    MB6-895 Dumps
    MB6-896 Dumps
    MB6-897 Dumps
    MB6-898 Dumps