[Free] 2018(Aug) Dumps4cert Microsoft 70-640 Dumps with VCE and PDF Download 121-130

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 121 – (Topic 2)

ABC.com has a network that consists of a single Active Directory domain. A technician has accidently deleted an Organizational unit (OU) on the domain controller. As an administrator of ABC.com, you are in process of restoring the OU.

You need to execute a non-authoritative restore before an authoritative restore of the OU.

Which backup should you use to perform non- authoritative restore of Active Directory Domain Services (AD DS) without disturbing other data stored on domain controller?

  1. Critical volume backup

  2. Backup of all the volumes

  3. Backup of the volume that hosts Operating system

  4. Backup of AD DS folders

  5. all of the above

Answer: A Explanation:

http://technet.microsoft.com/en-us/library/cc730683(v=ws.10).aspx Performing a Nonauthoritative Restore of AD DS

To perform a nonauthoritative restore of Active Directory Domain Services (AD DS), you need at least a system state backup.

To restore a system state backup, use the wbadmin start systemstaterecovery command. The procedure in this topic uses the wbadmin start systemstaterecovery command.

You can also use a critical-volume backup to perform a nonauthoritative restore, or a full server backup if you do not have a system state or critical-volume backup. A full server backup is generally larger than a critical-volume backup or system state backup. Restoring a full server backup not only rolls back data in AD DS to the time of backup, but it also rolls back all data in other volumes. Rolling back this additional data is not necessary to achieve nonauthoritative restore of AD DS. To restore a critical-volume backup or full server backup, use the wbadmin start recovery command.

Question No: 122 – (Topic 2)

You have a DNS zone that is stored in a custom application directory partition. You install a new domain controller.

You need to ensure that the custom application directory partition replicates to the new domain controller.

What should you use?

  1. the Active Directory Administrative Center console

  2. the Active Directory Sites and Services console

  3. the DNS Manager console

  4. the Dnscmd tool

Answer: D

Reference:

http://technet.microsoft.com/en-us/library/cc772069.aspx

dnscmd /enlistdirectorypartition Adds the DNS server to the specified directory partition#39;s replica set.

Question No: 123 – (Topic 2)

Your company has a main office and a branch office.

The network contains an Active Directory domain named contoso.com. The DNS zone for contoso.com is configured as an Active Directory-integrated zone and is replicated to all domain controllers in the domain.

The main office contains a writable domain controller named DC1. The branch office contains a read- only domain controller (RODC) named RODC1. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.

You uninstall the DNS server role from RODC1.

You need to prevent DNS records from replicating to RODC1. What should you do?

  1. Modify the replication scope for the contoso.com zone.

  2. Flush the DNS cache and enable cache locking on RODC1.

  3. Configure conditional forwarding for the contoso.com zone.

  4. Modify the zone transfer settings for the contoso.com zone.

Answer: A Explanation:

http://technet.microsoft.com/en-us/library/cc754916.aspx Change the Zone Replication Scope

You can use the following procedure to change the replication scope for a zone. Only Active Directory Domain Services (AD DS)-integrated primary and stub forward lookup zones can change their replication scope.

Secondary forward lookup zones cannot change their replication scope. http://technet.microsoft.com/en-us/library/cc772101.aspx

Understanding DNS Zone Replication in Active Directory Domain Services

You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active

Directory Domain Services (AD DS). A partition is a data structure in AD DS that distinguishes data for different replication purposes.

The following table describes the available zone replication scopes for AD DS-integrated DNS zone data.

Dumps4Cert 2018 PDF and VCE

C:\Documents and Settings\usernwz1\Desktop\1.PNG

When you decide which replication scope to choose, consider that the broader the replication scope, the greater the network traffic caused by replication. For example, if you decide to have AD DS-integrated DNS zone data replicated to all DNS servers in the forest, this will produce greater network traffic than replicating the DNS zone data to all DNS servers in a single AD DS domain in that forest.

AD DS-integrated DNS zone data that is stored in an application directory partition is not replicated to the global catalog for the forest. The domain controller that contains the global catalog can also host application directory partitions, but it will not replicate this data to its global catalog.

AD DS-integrated DNS zone data that is stored in a domain partition is replicated to all domain controllers in its AD DS domain, and a portion of this data is stored in the global catalog. This setting is used to support Windows 2000.

If an application directory partition#39;s replication scope replicates across AD DS sites,

replication will occur with the same intersite replication schedule as is used for domain partition data.

By default, the Net Logon service registers domain controller locator (Locator) DNS resource records for the application directory partitions that are hosted on a domain controller in the same manner as it registers domain controller locator (Locator) DNS resource records for the domain partition that is hosted on a domain controller.

Question No: 124 – (Topic 2)

Your network contains a domain controller that has two network connections named Internal and Private.

Internal has an IP address of 192.168.0.20. Private has an IP address of 10.10.10.5. You need to prevent the domain controller from registering Host (A) records for the 10.10.10.5 IP address.

What should you do?

  1. Modify the netlogon.dns file on the domain controller.

  2. Modify the Name Server settings of the DNS zone for the domain.

  3. Modify the properties of the Private network connection on the domain controller.

  4. Disable netmask ordering on the DNS server that hosts the DNS zone for the domain.

    Answer: C Explanation:

    http://support.microsoft.com/kb/2023004

    Steps to avoid registering unwanted NIC(s) in DNS on a Mulithomed Domain Controller Symptoms On Domain Controllers with more than one NIC where each NIC is connected to separate Network, there is a possibility that the Host A DNS registration can occur for unwanted NIC(s).

    If the client queries for DC’s DNS records and gets an unwanted record or the record of a different network which is not reachable to client, the client will fail to contact the DC causing authentication and many other issues.

    Cause

    The DNS server will respond to the query in a round robin fashion. If the DC has multiple NICs registered in DNS. The DNS will serve the client with all the records available for that

    DC.

    To prevent this, we need to make sure the unwanted NIC address is not registered in DNS. Below are the services that are responsible for Host A record registration on a DC

    1. Netlogon service

    2. DNS server service (if the DC is running DNS server service)

    3. DHCP client /DNS client (2003/2008)

If the NIC card is configured to register the connection address in DNS, then the DHCP

/DNS client service will

Register the record in DNS. Unwanted NIC should be configured not to register the connection address in DNS

If the DC is running DNS server service, then the DNS service will register the interface Host A record that it has set to listen on. The Zone properties, “Name server” tab list out the IP addresses of interfaces present on the DC. If it has listed both the IPs, then DNS server will register Host A record for both the IP addresses.

We need to make sure only the required interface listens for DNS and the zone properties, name server tab has required IP address information

Resolution To avoid this problem perform the following 3 steps (It is important that you follow all the steps to avoid the issue).

  1. Under Network Connections Properties: On the Unwanted NIC TCP/IP Properties -gt; Advanced -gt; DNS –

    gt; Uncheck quot;Register this connections Address in DNSquot;

  2. Open the DNS server console: highlight the server on the left pane Action-gt; Properties and on the quot;Interfacesquot; tab select quot;listen on only the following IP addressesquot;. Remove unwanted IP address from the list

  3. On the Zone properties, select Name server tab. Along with FQDN of the DC, you will see the IP address associated with the DC. Remove unwanted IP address if it is listed. After performing this delete the existing unwanted Host A record of the DC.

    Question No: 125 – (Topic 2)

    You are an administrator at ABC.com. Company has a network of 5 member servers acting as file servers. It has an Active Directory domain.

    You have installed a software application on the servers. As soon as the application is installed, one of the member servers shuts down itself. To trace and rectify the problem, you create a Group Policy Object (GPO).

    You need to change the domain security settings to trace the shutdowns and identify the cause of it.

    What should you do to perform this task?

    1. Link the GPO to the domain and enable System Events option

    2. Link the GPO to the domain and enable Audit Object Access option

    3. Link the GPO to the Domain Controllers and enable Audit Object Access option

    4. Link the GPO to the Domain Controllers and enable Audit Process tracking option

    5. Perform all of the above actions

Answer: A Explanation:

http://msdn.microsoft.com/en-us/library/ms813610.aspx Audit system events

Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy Description Determines whether to audit when a user restarts or shuts down the computer; or an event has occurred that affects either the system security or the security log.

By default, this value is set to No auditing in the Default Domain Controller Group Policy object (GPO) and in the local policies of workstations and servers.

If you define this policy setting, you can specify whether to audit successes, audit failures, or not to audit the event type at all. Success audits generate an audit entry when a system event is successfully executed. Failure audits generate an audit entry when a system event is unsuccessfully attempted. You can select No auditing by defining the policy setting and unchecking Success and Failure.

Question No: 126 – (Topic 2)

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 hosts a standard primary zone for contoso.com.

You discover that non-domain member computers register records in the contoso.com zone.

You need to prevent the non-domain member computers from registering records in the contoso.com zone.

All domain member computers must be allowed to register records in the contoso.com

zone.

What should you do first?

  1. Configure a trust anchor.

  2. Run the Security Configuration Wizard (SCW).

  3. Change the contoso.com zone to an Active Directory-integrated zone.

  4. Modify the security settings of the %SystemRoot%\System32\Dns folder.

Answer: C Explanation:

http://technet.microsoft.com/en-us/library/cc772746(v=ws.10).aspx Active Directory-Integrated Zones

DNS servers running on domain controllers can store their zones in Active Directory. In this way, it is not necessary to configure a separate DNS replication topology that uses ordinary DNS zone transfers, because all zone data is replicated automatically by means of Active Directory replication. This simplifies the process of deploying DNS and provides the following advantages:

Multiple masters are created for DNS replication. Therefore:

Any domain controller in the domain running the DNS server service can write updates to the Active Directory-integrated zones for the domain name for which they are authoritative. A separate DNS zone transfer topology is not needed.

Secure dynamic updates are supported. Secure dynamic updates allow an administrator to control which computers update which names, and prevent unauthorized computers from overwriting existing names in DNS

Question No: 127 – (Topic 2)

Company has an active directory forest on a single domain.

Company needs a distributed application that employs a custom application. The application is directory partition software named PARDAT.

You need to implement this application for data replication.

Which two tools should you use to achieve this task? (Choose two answers. Each answer is a part of a complete solution)

  1. Dnscmd.

  2. Ntdsutil.

  3. Ipconfig

  4. Dnsutil

  5. All of the above

Answer: A,B Explanation:

http://support.microsoft.com/kb/884116

How to create and apply a custom application directory partition on an Active Directory integrated DNS zone in

Windows Server 2003

You can create a custom Active Directory partition by using the DnsCmd command.

If the new naming context that you created does not appear in the Repadmin output, you can verify the state of this naming context by using the Ntdsutil command.

Question No: 128 HOTSPOT – (Topic 2)

Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Seattle and Montreal. The Seattle site contains two domain controllers.

The domain controllers are configured as shown in the following table.

Dumps4Cert 2018 PDF and VCE

You need to enable universal group membership caching in the Seattle site. Which object#39;s properties should you modify?

To answer, select the appropriate object in the answer area.

Dumps4Cert 2018 PDF and VCE

Answer:

Dumps4Cert 2018 PDF and VCE

Question No: 129 – (Topic 2)

Your network contains two Active Directory forests named contoso.com and adatum.com. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow users from both forests to automatically enroll user certificates.

You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.com certification authority (CA).

What should you configure in the adatum.com domain?

  1. From the Default Domain Controllers Policy, modify the Enterprise Trust settings.

  2. From the Default Domain Controllers Policy, modify the Trusted Publishers settings.

  3. From the Default Domain Policy, modify the Certificate Enrollment policy.

  4. From the Default Domain Policy, modify the Trusted Root Certification Authority settings.

Answer: C Explanation:

http://technet.microsoft.com/en-us/library/dd851772.aspx Manage Certificate Enrollment Policy by Using Group Policy

Configuring certificate enrollment policy settings by using Group Policy

Question No: 130 – (Topic 2)

You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates.

Users are required to log on to the domain by using a smart card.

Your company#39;s corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked.

An employee resigns.

You need to immediately prevent the employee from logging on to the domain. What should you do?

  1. Revoke the employee#39;s smart card certificate.

  2. Disable the employee#39;s Active Directory account.

  3. Publish a new delta certificate revocation list (CRL).

  4. Reset the password for the employee#39;s Active Directory account.

Answer: B

Explanation:

http://blog.imanami.com/blog/bid/68864/Delete-or-disable-an-Active-Directory-account- One-best-practice

Delete or disable an Active Directory account? One best practice.

I was recently talking to a customer about the best practice for deprovisioning a terminated employee in Active Directory. Delete or disable? Microsoft doesn#39;t give the clearest direction on this but common sense does.

The case for deleting an account is that, BOOM, no more access. No ifs ands or buts, if there is no account it cannot do anything. The case for disabling an account is that all of the SIDs are still attached to the account and you can bring it back and get the same access right away.

And then the reason for MSFT#39;s lack of direction came into play. Individual needs of the customer. This particular customer is a public school system and they often lay off an employee and have to re-hire them the next month or semester. They need that account back.

100% Dumps4cert Free Download!
70-640 PDF
100% Dumps4cert Pass Guaranteed!
70-640 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No


Leave a Reply

Your email address will not be published. Required fields are marked *

  • Categories

  • Tags

  • Hot Exams

  • Hot Exams

  • Hot Catageories

  • microsoft dumps

    62-193 Dumps
    70-243 Dumps
    70-246 Dumps
    70-247 Dumps
    70-331 Dumps
    70-332 Dumps
    70-333 Dumps
    70-334 Dumps
    70-339 Dumps
    70-341 Dumps
    70-342 Dumps
    70-345 Dumps
    70-346 Dumps
    70-347 Dumps
    70-348 Dumps
    70-354 Dumps
    70-355 Dumps
    70-357 Dumps
    70-383 Dumps
    70-384 Dumps
    70-385 Dumps
    70-398 Dumps
    70-410 Dumps
    70-411 Dumps
    70-412 Dumps
    70-413 Dumps
    70-414 Dumps
    70-417 Dumps
    70-461 Dumps
    70-462 Dumps
    70-463 Dumps
    70-464 Dumps
    70-465 Dumps
    70-466 Dumps
    70-467 Dumps
    70-469 Dumps
    70-470 Dumps
    70-473 Dumps
    70-475 Dumps
    70-480 Dumps
    70-481 Dumps
    70-482 Dumps
    70-483 Dumps
    70-484 Dumps
    70-485 Dumps
    70-486 Dumps
    70-487 Dumps
    70-488 Dumps
    70-489 Dumps
    70-490 Dumps
    70-491 Dumps
    70-492 Dumps
    70-494 Dumps
    70-496 Dumps
    70-497 Dumps
    70-498 Dumps
    70-499 Dumps
    70-517 Dumps
    70-532 Dumps
    70-533 Dumps
    70-534 Dumps
    70-535 Dumps
    70-537 Dumps
    70-640 Dumps
    70-642 Dumps
    70-646 Dumps
    70-673 Dumps
    70-680 Dumps
    70-681 Dumps
    70-682 Dumps
    70-684 Dumps
    70-685 Dumps
    70-686 Dumps
    70-687 Dumps
    70-688 Dumps
    70-689 Dumps
    70-692 Dumps
    70-694 Dumps
    70-695 Dumps
    70-696 Dumps
    70-697 Dumps
    70-698 Dumps
    70-703 Dumps
    70-705 Dumps
    70-713 Dumps
    70-734 Dumps
    70-735 Dumps
    70-740 Dumps
    70-741 Dumps
    70-742 Dumps
    70-743 Dumps
    70-744 Dumps
    70-745 Dumps
    70-761 Dumps
    70-762 Dumps
    70-764 Dumps
    70-765 Dumps
    70-767 Dumps
    70-768 Dumps
    70-773 Dumps
    70-774 Dumps
    70-775 Dumps
    70-776 Dumps
    70-778 Dumps
    70-779 Dumps
    70-980 Dumps
    70-981 Dumps
    70-982 Dumps
    74-343 Dumps
    74-344 Dumps
    74-409 Dumps
    74-678 Dumps
    74-697 Dumps
    77-418 Dumps
    77-419 Dumps
    77-420 Dumps
    77-421 Dumps
    77-422 Dumps
    77-423 Dumps
    77-424 Dumps
    77-425 Dumps
    77-426 Dumps
    77-427 Dumps
    77-428 Dumps
    77-600 Dumps
    77-601 Dumps
    77-602 Dumps
    77-603 Dumps
    77-604 Dumps
    77-605 Dumps
    77-725 Dumps
    77-726 Dumps
    77-727 Dumps
    77-728 Dumps
    77-729 Dumps
    77-730 Dumps
    77-731 Dumps
    77-853 Dumps
    77-881 Dumps
    77-882 Dumps
    77-883 Dumps
    77-884 Dumps
    77-885 Dumps
    77-886 Dumps
    77-887 Dumps
    77-888 Dumps
    77-891 Dumps
    98-349 Dumps
    98-361 Dumps
    98-362 Dumps
    98-363 Dumps
    98-364 Dumps
    98-365 Dumps
    98-366 Dumps
    98-367 Dumps
    98-368 Dumps
    98-369 Dumps
    98-372 Dumps
    98-373 Dumps
    98-374 Dumps
    98-375 Dumps
    98-379 Dumps
    98-380 Dumps
    98-381 Dumps
    98-382 Dumps
    98-383 Dumps
    98-388 Dumps
    AZ-100 Dumps
    AZ-101 Dumps
    AZ-102 Dumps
    INF-203x Dumps
    INF-204x Dumps
    INF-205x Dumps
    INF-206x Dumps
    MB2-700 Dumps
    MB2-701 Dumps
    MB2-702 Dumps
    MB2-703 Dumps
    MB2-704 Dumps
    MB2-706 Dumps
    MB2-707 Dumps
    MB2-708 Dumps
    MB2-709 Dumps
    MB2-710 Dumps
    MB2-711 Dumps
    MB2-712 Dumps
    MB2-713 Dumps
    MB2-714 Dumps
    MB2-715 Dumps
    MB2-716 Dumps
    MB2-717 Dumps
    MB2-718 Dumps
    MB2-719 Dumps
    MB2-877 Dumps
    MB5-705 Dumps
    MB6-700 Dumps
    MB6-701 Dumps
    MB6-702 Dumps
    MB6-703 Dumps
    MB6-704 Dumps
    MB6-705 Dumps
    MB6-884 Dumps
    MB6-885 Dumps
    MB6-886 Dumps
    MB6-889 Dumps
    MB6-890 Dumps
    MB6-892 Dumps
    MB6-893 Dumps
    MB6-894 Dumps
    MB6-895 Dumps
    MB6-896 Dumps
    MB6-897 Dumps
    MB6-898 Dumps