[Free] 2018(Aug) Dumps4cert Microsoft 70-640 Dumps with VCE and PDF Download 151-160

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 151 – (Topic 2)

Your company has a main office and a branch office. The main office contains two domain controllers.

You create an Active Directory site named BranchOfficeSite.

You deploy a domain controller in the branch office, and then add the domain controller to the BranchOfficeSite site.

You discover that users in the branch office are randomly authenticated by either the domain controller in the branch office or the domain controllers in the main office.

You need to ensure that the users in the branch office always attempt to authenticate to the domain controller in the branch office first.

What should you do?

  1. Create organizational units (OUs).

  2. Create Active Directory subnet objects.

  3. Modify the slow link detection threshold.

  4. Modify the Location attribute of the computer objects.

Answer: B Explanation:

http://technet.microsoft.com/en-us/library/cc754697.aspx Understanding Sites, Subnets, and Site Links

Sites overview

Sites in AD DS represent the physical structure, or topology, of your network. AD DS uses network topology information, which is stored in the directory as site, subnet, and site link objects, to build the most efficient replication topology. The replication topology itself consists of the set of connection objects that enable inbound replication from a source domain controller to the destination domain controller that stores the connection object.

The Knowledge Consistency Checker (KCC) creates these connection objects automatically on each domain controller.

Associating sites and subnets

A subnet object in AD DS groups neighboring computers in much the same way that postal codes group neighboring postal addresses. By associating a site with one or more subnets, you assign a set of IP addresses to the site.


The term quot;subnetquot; in AD DS does not have the strict networking definition of the set of all addresses behind a single router. The only requirement for an AD DS subnet is that the address prefix conforms to the IP version 4 (IPv4) or IP version 6 (IPv6) format.

When you add the Active Directory Domain Services server role to create the first domain controller in a forest, a default site (Default-First-Site-Name) is created in AD DS. As long as this site is the only site in the directory, all domain controllers that you add to the forest are assigned to this site. However, if your forest will have multiple sites, you must create subnets that assign IP addresses to Default-First-Site-Name as well as to all additional sites.

Locating domain controllers by site

Domain controllers register service (SRV) resource records in Domain Name System (DNS) that identify their site names. Domain controllers also register host (A) resource records in DNS that identify their IP addresses. When a client requests a domain controller, it provides its site name to DNS. DNS uses the site name to locate a domain controller in that site (or in the next closest site to the client). DNS then provides the IP address of the domain controller to the client for the purpose of connecting to the domain controller. For this reason, it is important to ensure that the IP address that you assign to a domain controller maps to a subnet that is associated with the site of the respective server object. Otherwise, when a client requests a domain controller, the IP address that is returned might be the IP address of a domain controller in a distant site. When a client connects to a distant site, the result can be slow performance and unnecessary traffic on expensive WAN links.

Question No: 152 – (Topic 2)

Your network contains an Active Directory domain named contoso.com.

You create a GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2.contoso.com.

When you ping Server1, you discover that the name fails to resolve. You successfully resolve server2.contoso.com.

You need to ensure that you can resolve names by using the GlobalNames zone. What should you do?

  1. From the command prompt, use the netsh tool.

  2. From the command prompt, use the dnscmd tool.

  3. From DNS Manager, modify the properties of the GlobalNames zone.

  4. From DNS Manager, modify the advanced settings of the DNS server.

Answer: B Explanation:


Enable GlobalNames zone support

The GlobalNames zone is not available to provide name resolution until GlobalNames zone support is explicitly enabled by using the following command on every authoritative DNS server in the forest:

dnscmdlt;ServerNamegt; /config /enableglobalnamessupport 1

Question No: 153 – (Topic 2)

ABC.com boasts a main office and 20 branch offices. Configured as a separate site, each branch office has a Read-Only Domain Controller (RODC) server installed.

Users in remote offices complain that they are unable to log on to their accounts. What should you do to make sure that the cached credentials for user accounts are only stored in their local branch office RODC server?

  1. Open the RODC computer account security tab and set Allow on the Receive as permission only for the users that are unable to log on to their accounts

  2. Add a password replication policy to the main Domain RODC and add user accounts in the security group

  3. Configure a unique security group for each branch office and add user accounts to the respective security group. Add the security groups to the password replication allowed group on the main RODC server

  4. Configure and add a separate password replication policy on each RODC computer account

Answer: D Explanation:

http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx Password Replication Policy

When you initially deploy an RODC, you must configure the Password Replication Policy on the writable domain controller that will be its replication partner.

The Password Replication Policy acts as an access control list (ACL). It determines if an RODC should be permitted to cache a password. After the RODC receives an authenticated user or computer logon request, it refers to the Password Replication Policy to determine if the password for the account should be cached. The same account can then perform subsequent logons more efficiently.

The Password Replication Policy lists the accounts that are permitted to be cached, and accounts that are explicitly denied from being cached. The list of user and computer

accounts that are permitted to be cached does not imply that the RODC has necessarily cached the passwords for those accounts. An administrator can, for example, specify in advance any accounts that an RODC will cache. This way, the RODC can authenticate those accounts, even if the WAN link to the hub site is offline.

Question No: 154 – (Topic 2)

Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table.

Dumps4Cert 2018 PDF and VCE

You need to ensure that all device certificate requests use the MD5 hash algorithm. What should you do?

  1. On Server2, run the Certutil tool.

  2. On Server1, update the CEP Encryption certificate template.

  3. On Server1, update the Exchange Enrollment Agent (Offline Request) template.

  4. On Server3, set the value of the HKLM\Software\Microsoft\Cryptography\MSCEP\ HashAlgorithm\HashAlgorithm registry key.

Answer: D



Managing Network Device Enrollment Service Configuring NDES

NDES stores its configuration in the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography


To change NDES configuration, edit the NDES registry settings by using Regedit.exe or Reg.exe, then restart IIS. If necessary, create the key and value using the names and data types described in the following table.

Key name

HashAlgorithm \ HashAlgorithm Value Data Type

String Default value SHA1


Accepted values are SHA1 and MD5.

Question No: 155 – (Topic 2)

Your network contains a domain controller that is configured as a DNS server. The server hosts an Active Directory-integrated zone for the domain.

You need to reduce how long it takes until stale records are deleted from the zone. What should you do?

  1. From the configuration directory partition of the forest, modify the tombstone lifetime.

  2. From the configuration directory partition of the forest, modify the garbage collection interval.

  3. From the aging properties of the zone, modify the no-refresh interval and the refresh interval.

  4. From the start of authority (SOA) record of the zone, modify the refresh interval and the expire interval.

    Answer: C Explanation:

    Dumps4Cert 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    http://technet.microsoft.com/en-us/library/cc816625(v=ws.10).aspx Set Aging and Scavenging Properties for a Zone

    The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time.

    You can use this procedure to set the aging and scavenging properties for a specific zone using either the DNS Manager snap-in or the dnscmd command-line tool.

    To set aging and scavenging properties for a zone using the Windows interface

    1. Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

    2. In the console tree, right-click the applicable zone, and then click Properties.

    3. On the General tab, click Aging.

    4. Select the Scavenge stale resource records check box.

    5. Modify other aging and scavenging properties as needed.

To set aging and scavenging properties for a zone using a command line

  1. Open a command prompt. To open an elevated Command Prompt window, click Start, point to All

    Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

  2. At the command prompt, type the following command, and then press ENTER:

    dnscmd lt;ServerNamegt; /Config lt;ZoneNamegt; {/Aging lt;Valuegt;|/RefreshInterval lt;Valuegt;|/ NoRefreshInterval lt;Valuegt;}

    Dumps4Cert 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    Question No: 156 – (Topic 2)

    Your network contains a single Active Directory domain. Active Directory Rights Management Services (AD RMS) is deployed on the network.

    A user named User1 is a member of only the AD RMS Enterprise Administrators group.

    You need to ensure that User1 can change the service connection point (SCP) for the AD RMS installation.The solution must minimize the administrative rights of User1.

    To which group should you add User1?

    1. AD RMS Auditors

    2. AD RMS Service Group

    3. Domain Admins

    4. Schema Admins

Answer: C Explanation:

http://social.technet.microsoft.com/wiki/contents/articles/710.the-ad-rms-service- connection-point.aspx

The AD RMS Service Connection Point

The Active Directory Rights Management Services (AD RMS) Service Connection Point (SCP) is an object in Active Directory that holds the web address of the AD RMS certification cluster. AD RMS-enabled applications use the SCP to discover the AD RMS

service; it is the first connection point for users to discover the AD RMS web services.

The AD RMS SCP can be registered automatically during AD RMS installation, or it can be registered after installation has completed. To register the SCP you must be a member of the local AD RMS Enterprise Administrators group and the Active Directory Domain Services (AD DS) Enterprise Admins group, or you must have been given the appropriate authority.

Question No: 157 – (Topic 2)

Your company has an Active Directory Rights Management Services (AD RMS) server. Users have Windows Vista computers. An Active Directory domain is configured at the Windows Server 2003 functional level.

You need to configure AD RMS so that users are able to protect their documents. What should you do?

  1. Install the AD RMS client 2.0 on each client computer.

  2. Add the RMS service account to the local administrators group on the AD RMS server.

  3. Establish an e-mail account in Active Directory Domain Services (AD DS) for each RMS user.

  4. Upgrade the Active Directory domain to the functional level of Windows Server 2008.

Answer: C Explanation:

http://technet.microsoft.com/en-us/library/cc753531(v=ws.10).aspx AD RMS Step-by-Step Guide

For each user account and group that you configure with AD RMS, you need to add an e- mail address and then assign the users to groups.

Question No: 158 – (Topic 2)

ABC.com has purchased laptop computers that will be used to connect to a wireless


You create a laptop organizational unit and create a Group Policy Object (GPO) and configure user profiles by utilizing the names of approved wireless networks.

You link the GPO to the laptop organizational unit. The new laptop users complain to you that they cannot connect to a wireless network.

What should you do to enforce the group policy wireless settings to the laptop computers?

  1. Execute gpupdate/target:computer command at the command prompt on laptop computers

  2. Execute Add a network command and leave the SSID (service set identifier) blank

  3. Execute gpupdate/boot command at the command prompt on laptops computers

  4. Connect each laptop computer to a wired network and log off the laptop computer and then login again.

  5. None of the above

Answer: D

Question No: 159 – (Topic 2)

You need to deploy a read-only domain controller (RODC) that runs Windows Server 2008 R2.

What is the minimal forest functional level that you should use?

  1. Windows Server 2008 R2

  2. Windows Server 2008

  3. Windows Server 2003

  4. Windows 2000

Answer: C


http://technet.microsoft.com/en-us/library/cc731243.aspx Prerequisites for Deploying an RODC

Complete the following prerequisites before you deploy a read-only domain controller (RODC):

Ensure that the forest functional level is Windows Server 2003 or higher, so that linked- valuereplication (LVR) is available.

Question No: 160 – (Topic 2)

ABC.com has a network that is comprise of a single Active Directory Domain.

As an administrator at ABC.com, you install Active Directory Lightweight Directory Services (AD LDS) on a server that runs Windows Server 2008. To enable Secure Sockets Layer (SSL) based connections to the AD LDS server, you install certificates from a trusted Certification Authority (CA) on the AD LDS server and client computers.

Which tool should you use to test the certificate with AD LDS?

  1. Ldp.exe

  2. Active Directory Domain services

  3. ntdsutil.exe

  4. Lds.exe

  5. wsamain.exe

  6. None of the above

    Answer: A Explanation:

    http://technet.microsoft.com/en-us/library/cc725767(v=ws.10).aspx Appendix A: Configuring LDAP over SSL Requirements for AD LDS

    The Lightweight Directory Access Protocol (LDAP) is used to read from and write to Active Directory

    Lightweight Directory Services (AD LDS). By default, LDAP traffic is not transmitted securely. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology.

    Step 3: Connect to the AD LDS instance over LDAPS using Ldp.exe

    To test your server authentication certificate, you can open Ldp.exe on the computer that is running the AD LDS instance and then connect to this AD LDS instance that has the SSL option enabled.

    100% Dumps4cert Free Download!
    70-640 PDF
    100% Dumps4cert Pass Guaranteed!
    70-640 Dumps

    Dumps4cert ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

  • Categories

  • Tags

  • Hot Exams

  • Hot Exams

  • Hot Catageories

  • microsoft dumps

    62-193 Dumps
    70-243 Dumps
    70-246 Dumps
    70-247 Dumps
    70-331 Dumps
    70-332 Dumps
    70-333 Dumps
    70-334 Dumps
    70-339 Dumps
    70-341 Dumps
    70-342 Dumps
    70-345 Dumps
    70-346 Dumps
    70-347 Dumps
    70-348 Dumps
    70-354 Dumps
    70-355 Dumps
    70-357 Dumps
    70-383 Dumps
    70-384 Dumps
    70-385 Dumps
    70-398 Dumps
    70-410 Dumps
    70-411 Dumps
    70-412 Dumps
    70-413 Dumps
    70-414 Dumps
    70-417 Dumps
    70-461 Dumps
    70-462 Dumps
    70-463 Dumps
    70-464 Dumps
    70-465 Dumps
    70-466 Dumps
    70-467 Dumps
    70-469 Dumps
    70-470 Dumps
    70-473 Dumps
    70-475 Dumps
    70-480 Dumps
    70-481 Dumps
    70-482 Dumps
    70-483 Dumps
    70-484 Dumps
    70-485 Dumps
    70-486 Dumps
    70-487 Dumps
    70-488 Dumps
    70-489 Dumps
    70-490 Dumps
    70-491 Dumps
    70-492 Dumps
    70-494 Dumps
    70-496 Dumps
    70-497 Dumps
    70-498 Dumps
    70-499 Dumps
    70-517 Dumps
    70-532 Dumps
    70-533 Dumps
    70-534 Dumps
    70-535 Dumps
    70-537 Dumps
    70-640 Dumps
    70-642 Dumps
    70-646 Dumps
    70-673 Dumps
    70-680 Dumps
    70-681 Dumps
    70-682 Dumps
    70-684 Dumps
    70-685 Dumps
    70-686 Dumps
    70-687 Dumps
    70-688 Dumps
    70-689 Dumps
    70-692 Dumps
    70-694 Dumps
    70-695 Dumps
    70-696 Dumps
    70-697 Dumps
    70-698 Dumps
    70-703 Dumps
    70-705 Dumps
    70-713 Dumps
    70-734 Dumps
    70-735 Dumps
    70-740 Dumps
    70-741 Dumps
    70-742 Dumps
    70-743 Dumps
    70-744 Dumps
    70-745 Dumps
    70-761 Dumps
    70-762 Dumps
    70-764 Dumps
    70-765 Dumps
    70-767 Dumps
    70-768 Dumps
    70-773 Dumps
    70-774 Dumps
    70-775 Dumps
    70-776 Dumps
    70-778 Dumps
    70-779 Dumps
    70-980 Dumps
    70-981 Dumps
    70-982 Dumps
    74-343 Dumps
    74-344 Dumps
    74-409 Dumps
    74-678 Dumps
    74-697 Dumps
    77-418 Dumps
    77-419 Dumps
    77-420 Dumps
    77-421 Dumps
    77-422 Dumps
    77-423 Dumps
    77-424 Dumps
    77-425 Dumps
    77-426 Dumps
    77-427 Dumps
    77-428 Dumps
    77-600 Dumps
    77-601 Dumps
    77-602 Dumps
    77-603 Dumps
    77-604 Dumps
    77-605 Dumps
    77-725 Dumps
    77-726 Dumps
    77-727 Dumps
    77-728 Dumps
    77-729 Dumps
    77-730 Dumps
    77-731 Dumps
    77-853 Dumps
    77-881 Dumps
    77-882 Dumps
    77-883 Dumps
    77-884 Dumps
    77-885 Dumps
    77-886 Dumps
    77-887 Dumps
    77-888 Dumps
    77-891 Dumps
    98-349 Dumps
    98-361 Dumps
    98-362 Dumps
    98-363 Dumps
    98-364 Dumps
    98-365 Dumps
    98-366 Dumps
    98-367 Dumps
    98-368 Dumps
    98-369 Dumps
    98-372 Dumps
    98-373 Dumps
    98-374 Dumps
    98-375 Dumps
    98-379 Dumps
    98-380 Dumps
    98-381 Dumps
    98-382 Dumps
    98-383 Dumps
    98-388 Dumps
    AZ-100 Dumps
    AZ-101 Dumps
    AZ-102 Dumps
    INF-203x Dumps
    INF-204x Dumps
    INF-205x Dumps
    INF-206x Dumps
    MB2-700 Dumps
    MB2-701 Dumps
    MB2-702 Dumps
    MB2-703 Dumps
    MB2-704 Dumps
    MB2-706 Dumps
    MB2-707 Dumps
    MB2-708 Dumps
    MB2-709 Dumps
    MB2-710 Dumps
    MB2-711 Dumps
    MB2-712 Dumps
    MB2-713 Dumps
    MB2-714 Dumps
    MB2-715 Dumps
    MB2-716 Dumps
    MB2-717 Dumps
    MB2-718 Dumps
    MB2-719 Dumps
    MB2-877 Dumps
    MB5-705 Dumps
    MB6-700 Dumps
    MB6-701 Dumps
    MB6-702 Dumps
    MB6-703 Dumps
    MB6-704 Dumps
    MB6-705 Dumps
    MB6-884 Dumps
    MB6-885 Dumps
    MB6-886 Dumps
    MB6-889 Dumps
    MB6-890 Dumps
    MB6-892 Dumps
    MB6-893 Dumps
    MB6-894 Dumps
    MB6-895 Dumps
    MB6-896 Dumps
    MB6-897 Dumps
    MB6-898 Dumps