[Free] 2018(Aug) Dumps4cert Microsoft 70-640 Dumps with VCE and PDF Download 261-270

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 261 – (Topic 3)

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. Client computers run either Windows XP Service Pack 3 (SP3) or Windows Vista.

You need to ensure that all client computers can apply Group Policy preferences. What should you do?

  1. Upgrade all Windows XP client computers to Windows 7.

  2. Create a central store that contains the Group Policy ADMX files.

  3. Install the Group Policy client-side extensions (CSEs) on all client computers.

  4. Upgrade all Windows Vista client computers to Windows Vista Service Pack 2 (SP2).

    Answer: C Explanation:

    http://www.microsoft.com/en-us/download/details.aspx?id=3628

    Group Policy Preference Client Side Extensions for Windows XP (KB943729)

    Multiple Group Policy Preferences have been added to the Windows Server 2008 Group Policy Management Console (which are also available through the Remote Server Administration Toolset (RSAT) for Windows Vista SP1).

    Multiple Group Policy Preferences have been added to the Windows Server 2008 Group Policy Management Console (which are also available through the Remote Server Administration Toolset (RSAT) for Windows Vista SP1). Group Policy Preferences enable information technology professionals to configure, deploy, and manage operating system and application settings they previously were not able to manage using Group Policy. After you install this update, your computer will be able to process the new Group Policy Preference extensions.

    http://www.petenetlive.com/KB/Article/0000389.htm

    Server 2008 Group Policy Preferences and Client Side Extensions

    Dumps4Cert 2018 PDF and VCE

    Problem Group Policy Preferences (GPP) first came in with Server 2008 and were enhanced for Server 2008 R2, To be able to apply them to older Windows clients, you need to install the quot;Client side Extensionsquot; (CSE), You can either script this, deploy with a group policy, or if you have WSUS you can send out the update that way.

    C:\Documents and Settings\usernwz1\Desktop\1.PNG Solution

    You may not have noticed, but if you edit or create a group policy in Server 2008 now, you will see there is a quot;Preferencesquot; branch. Most IT Pro#39;s will have seen the addition of the quot;Policiesquot; folder some time ago because it adds an extra level to get to the policies that were there before 🙂

    Dumps4Cert 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    OK Cool! What can you do with them?

    1. Computer Preferences: Windows Settings

      Environment: Lets you control, and send out Environment variables via Group Policy. Files: Allows you to copy, modify the attributes, replace or delete a file (for folders see the next section).

      Folder: As above, but for folders.

      Ini Files: Allows you to Create, Replace, Update or Delete an ini file.

      Registry: Allows you to Create, Replace, Update or Delete a Registry value, You can either manually type in the reference use a Wizard, or extract the key(s) values you want to send them out via group policy.

      Network Shares: Allow you to Create, Replace, Update, or Delete shares on clients via group policy.

      Shortcuts: Allows you to Create, Replace, Update, or Delete shortcuts on clients via group policy.

    2. Computer Preferences: Control Panel Settings

      Data Sources: Allows you to Create, Replace, Update, or Delete, Data Sources and ODBC settings via group policy. (Note: there#39;s a bug if your using SQL authentication see here).

      Devices: Lets you enable and disable hardware devices by type and class, to be honest it#39;s a little quot;clunkyquot;.

      Folder Options: Allows you to set quot;File Associationsquot; and set the default programs that will open particular file extensions.

      Local Users and Groups: Lets you Create, Replace, Update, or Delete either local users OR local groups.

      Handy if you want to create an additional admin account, or reset all the local administrators passwords via group policy.

      Network Options: Lets you send out VPN and dial up connection settings to your clients, handy if you use PPTP Windows Server VPN#39;s.

      Power Options: With XP these are Power Options and Power Schemes, With Vista and later OS#39;s they are Power Plans. This is much needed, I#39;ve seen many quot;Is there a group policy for power options?quot; or disabling hibernation questions in forums. And you can use the options Tab, to target particular machine types (i.e. only apply if there is a battery present).

      Printers: Lets you install printers (local or TCP/IP), handy if you want all the machines in accounts to have the accounts printer.

      Scheduled Tasks: Lets you create a scheduled task or an immediate task (Vista or Later), this could be handy to deploy a patch or some virus/malware removal process.

      Service: Essentially anything you can do in the services snap in you can push out through group policy, set services to disables or change the logon credentials used for a service. In addition you can set the recovery option should a service fail.

    3. User Configuration: Windows Settings

      Applications: Answers on a Postcard? I can#39;t work out what these are for!

      Drive Mappings: Traditionally done by login script or from the user object, but use this and you can assign mapped drives on a user/group basis.

      Environment: As above lets you control and send out Environment variables via Group Policy, but on a user basis.

      Files: As above. allows you to copy, modify the attributes, replace or delete a file (for folders see the next section), but on a user basis.

      Folders: As above, but for folders on a user by user basis.

      Ini Files: As above, allows you to Create, Replace, Update or Delete an ini file, on a user by user basis.

      Registry: As above, allows you to Create, Replace, Update or Delete a Registry value, You can either manually type in the reference use a Wizard, or extract the key(s) values you want to send out via group policy, this time for users not computers.

      Shortcuts: As Above, allows you to Create, Replace, Update, or Delete shortcuts on clients via group policy for users.

    4. User Configuration: Control Panel Settings

      All of the following options are covered above on quot;Computer Configurationquot; Data Sources

      Devices Folder Options

      Local Users and Groups

      Network Options Power Options Printers Scheduled Tasks

      Internet Settings: Using this Group Policy you can specify Internet Explorer settings/options on a user by user basis.

      Regional Options: Designed so you can change a users Locale, handy if you have one user who wants an American keyboard.

      Start Menu: Provides the same functionality as right clicking your task bar gt; properties gt; Start Menu gt;

      Customise, only set user by user. References:

      http://technet.microsoft.com/en-us/library/dd367850(WS.10).aspx Group Policy Preferences

      Question No: 262 – (Topic 3)

      Your network contains an Active Directory domain.

      A user named User1 takes a leave of absence for one year.

      You need to restrict access to the User1 user account while User1 is away. What should you do?

      1. From the Default Domain Policy, modify the account lockout settings.

      2. From the Default Domain Controller Policy, modify the account lockout settings.

      3. From the properties of the user account, modify the Account options.

      4. From the properties of the user account, modify the Session settings.

Answer: C Explanation:

Account lockout settings deal with logon security, like how many times a wrong password can be entered before an account gets locked out, or after how many minutes a locked out user can try again.

To really restrict access to the User1 account it has to be disabled, by modifying the account options.

Reference:

http://blogs.technet.com/b/msonline/archive/2009/08/17/disabling-and-deleting-user- accounts.aspx

Disabling a user account prevents user access to e-mail and Microsoft SharePoint Online data, but retains the user’s data. Disabling a user account also keeps the user license associated with that account. This is the best option to utilize when a person leaves an organization temporarily.

Question No: 263 – (Topic 3)

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and eu.contoso.com. All domain controllers are DNS servers.

The domain controllers in contoso.com host the zone for contoso.com. The domain controllers in eu.contoso.com host the zone for eu.contoso.com. The DNS zone for contoso.com is configured as shown in the exhibit. (Click the Exhibit button.)

Dumps4Cert 2018 PDF and VCE

You need to ensure that all domain controllers in the forest host a writable copy of

_msdsc.contoso.com.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. Create a zone delegation record in the contoso.com zone.

  2. Create a zone delegation record in the eu.contoso.com zone.

  3. Create an Active Directory-integrated zone for _msdsc.contoso.com.

  4. Create a secondary zone named _msdsc.contoso.com in eu.contoso.com.

Answer: A,C Explanation:

Note that the question speaks of _msdSC, instead of _msdCS. Not sure if it means something, probably a typo.

Question No: 264 – (Topic 3)

Your network contains three Active Directory forests named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 andForest3.

You need to configure the forests to meet the following requirements:

->Users in Forest3 must be able to access resources in Forest1

->Users in Forest1 must be able to access resources in Forest3.

->The number of trusts must be minimized.

What should you do?

  1. In Forest2, modify the name suffix routing settings.

  2. In Forest1 and Forest3, configure selective authentication.

  3. In Forest1 and Forest3, modify the name suffix routing settings.

  4. Create a two-way forest trust between Forest1 and Forest3.

  5. Create a shortcut trust in Forest1 and a shortcut trust in Forest3.

Answer: D

Reference:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, December 14 2012) page 639:

Forest Trusts (…)

You can specify whether the forest trust is one-way, incoming or outgoing, or two-way. As

mentioned earlier, a forest trust is transitive, allowing all domains in a trusting forest to trust all domains in a trusted forest. However, forest trusts are not themselves transitive. For example, if the tailspintoys.com forest trusts the worldwideimporters .com forest, and the worldwideimporters.com forest trusts the northwindtraders.com forest, those two trust relationships do not allow the tailspintoys.com forest to trust the northwindtraders.com forest. If you want those two forests to trust each other, you must create a specific forest trust between them.

Question No: 265 – (Topic 3)

Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has the Active Directory Federation Services (AD FS) Federation Service role service installed.

You plan to deploy AD FS 2.0 on Server2.

You need to export the token-signing certificate from Server1, and then import the certificate to Server2.

Which format should you use to export the certificate?

  1. Base-64 encoded X.509 (.cer)

  2. Cryptographic Message Syntax Standard PKCS #7 (.p7b)

  3. DER encoded binary X.509 (.cer)

  4. Personal Information Exchange PKCS #12 (.pfx)

Answer: D Explanation:

Reference 1:

http://technet.microsoft.com/en-us/library/ff678038.aspx

Checklist: Migrating Settings in the AD FS 1.x Federation Service to AD FS 2.0

If the AD FS 1.x Federation Service has a token-signing certificate that was issued by a trusted certification authority (CA) and you want to reuse it, you will have to export it from AD FS 1.x.

[The site provides also a link for instructions on how to export the token-signing certificate. That link point to the site mentioned in reference 2.]

Reference 2:

http://technet.microsoft.com/en-us/library/cc784075.aspx Export the private key portion of a token-signing certificate

To export the private key of a token-signing certificate

->Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

->Right-click Federation Service, and then click Properties.

->On the General tab, click View.

->In the Certificate dialog box, click the Details tab.

->On the Details tab, click Copy to File.

->On the Welcome to the Certificate Export Wizard page, click Next.

->On the Export Private Key page, select Yes, export the private key, and then click Next.

->On the Export File Format page, selectPersonal Information Exchange = PKCS

#12 (.PFX), and then click Next.

->(…)

Question No: 266 – (Topic 3)

You have a domain controller named Server1 that runs Windows Server 2008 R2. You need to determine the size of the Active Directory database on Server1.

What should you do?

  1. Run the Active Directory Sizer tool.

  2. Run the Active Directory Diagnostics data collector set.

  3. From Windows Explorer, view the properties of the %systemroot%\ntds\ntds.dit file.

  4. From Windows Explorer, view the properties of the %systemroot%\sysvol\domain folder.

Answer: C Explanation:

http://technet.microsoft.com/en-us/library/cc961761.aspx Directory Data Store

Active Directory data is stored in the Ntds.dit ESE database file. Two copies of Ntds.dit are

present in separate locations on a given domain controller:

%SystemRoot%\NTDS\Ntds.dit This file stores the database that is in use on the domain controller. It contains the values for the domain and a replica of the values for the forest (the Configuration container data).

%SystemRoot%\System32\Ntds.dit This file is the distribution copy of the default directory that is used when you promote a Windows 2000 – based computer to a domain controller. The availability of this file allows you to run the Active Directory Installation Wizard (Dcpromo.exe) without your having to use the Windows 2000 Server operating system CD. During the promotion process, Ntds.dit is copied from the %SystemRoot% \System32 directory into the %SystemRoot%\NTDS directory. Active Directory is then started from this new copy of the file, and replication updates the file from other domain controllers.

Question No: 267 – (Topic 3)

Your network contains an Active Directory domain. The domain contains two Active Directory sites named Site1 and Site2. Site1 contains two domain controllers named DC1 and DC2. Site2 contains two domain controller named DC3 and DC4. The functional level of the domain is Windows Server 2008 R2. The functional level of the forest is Windows Server 2003. Active Directory replication between Site1 and Site2 occurs from 20:00 to 01:00 every day.

At 07:00, an administrator deletes a user account while he is logged on to DC1.

You need to restore the deleted user account. You want to achieve this goal by using the minimum amount of administrative effort.

What should you do?

  1. On DC1, run the Restore-ADObject cmdlet.

  2. On DC3, run the Restore-ADObject cmdlet.

  3. On DC1, stop Active Directory Domain Services, restore the System State, and then start Active Directory Domain Services.

  4. On DC3, stop Active Directory Domain Services, perform an authoritative restore, and then start Active Directory Domain Services.

Answer: D Explanation:

We cannot use Restore-ADObject, because Restore-ADObject is a part of the Recycle Bin

feature, and you can only use Recycle Bin when the forest functional level is set to Windows Server 2008 R2. In the question text it says quot;The functional level of the forest is Windows Server 2003.quot;

Seehttp://technet.microsoft.com/nl-nl/library/dd379481.aspx

Performing an authoritative restore on DC3 updates the Update Sequence Number (USN) on that DC, which causes it to replicate the restored user account to other DC#39;s.

Reference 1:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) page 692 An authoritative restore restores data that was lost and updates the Update Sequence Number (USN) for the data to make it authoritative and ensure that it is replicated to all other servers.

Reference 2:

http://technet.microsoft.com/en-us/library/cc755296.aspx Authoritative restore of AD DS has the following requirements:

You must stop the Active Directory Domain Services service before you run the ntdsutil authoritative restore command and restart the service after the command is complete.

Question No: 268 – (Topic 3)

You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template.

Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment.

You need to ensure that the certificate template is available on the Web enrollment pages. What should you do?

  1. Run certutil.exe pulse.

  2. Run certutil.exe installcert.

  3. Change the certificate template to a Version 2 certificate template.

  4. On the certificate template, assign the Autoenroll permission to the users.

Answer: C Explanation:

Explanation

Identical to F/Q33. Reference 1:

http://technet.microsoft.com/en-us/library/cc732517.aspx

Certificate Web enrollment cannot be used with version 3 certificate templates. Reference 2:

http://blogs.technet.com/b/ad/archive/2008/06/30/2008-web-enrollment-and-version-3- templates.aspx

The reason for this blog post is that one of our customers called after noticing some unexpected behavior when they were trying to use the Server 2008 certificate web enrollment page to request a Version 3 Template based certificate. The problem was that no matter what they did the Version 3 Templates would not appear as certificates which could be requested via the web page. On the other hand, version 1 and 2 templates did appear in the page and requests could be done successfully using those templates.

Question No: 269 – (Topic 3)

You have an enterprise subordinate certification authority (CA).

You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment.

You increase the template key length to 2,048 bits.

You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template.

Which console should you use?

  1. Active Directory Administrative Center

  2. Certification Authority

  3. Certificate Templates

  4. Group Policy Management

    Answer: C

    Reference:

    http://technet.microsoft.com/en-us/library/cc771246.aspx

    Re-Enroll All Certificate Holders

    This procedure is used when a critical change is made to the certificate template and you want all subjects that hold a certificate that is based on this template to re-enroll as quickly as possible. The next time the subject verifies the version of the certificate against the version of the template on the certification authority (CA), the subject will re-enroll.

    Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.

    To re-enroll all certificate holders

    1. Open the Certificate Templates snap-in.

    2. Right-click the template that you want to use, and then click Reenroll All Certificate Holders.

      Question No: 270 – (Topic 3)

      Your company has a main office and a branch office. The network contains an Active Directory domain.

      The main office contains a writable domain controller named DC1. The branch office contains a read- only domain controller (RODC) named DC2.

      You discover that the password of an administrator named Admin1 is cached on DC2. You need to prevent Admin1#39;s password from being cached on DC2.

      What should you do?

      1. Modify the NTDS Site Settings.

      2. Modify the properties of the domain.

      3. Create a Password Setting object (PSO).

      4. Modify the properties of DC2#39;s computer account.

        Answer: D Explanation:

        http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password- replication-policy(v=ws.10).aspx

        Administering the Password Replication Policy

        This topic describes the steps for viewing, configuring, and monitoring the Password Replication Policy (PRP) and password caching for read-only domain controllers (RODCs). Viewing the PRP You can view the PRP in a graphical user interface (GUI) by using the Active Directory Users and Computers snap-in or in a Command Prompt window by using the Repadmin tool. The following procedures describe how to view the PRP.

        To view the PRP using Active Directory Users and Computers

        1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start.

          In Start Search, type dsa.msc, and then press ENTER.

        2. Ensure that you are connected to the correct domain. To connect to the appropriate domain, in the details pane, right-click the Active Directory Users and Computers object, and then click Change Domain. 3. Expand Domain Controllers, right-click the RODC account object for which you want to modify the PRP, and then click Properties.

  1. Click the Password Replication Policy tab. An example is shown in the following illustration.

    Dumps4Cert 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    100% Dumps4cert Free Download!
    70-640 PDF
    100% Dumps4cert Pass Guaranteed!
    70-640 Dumps

    Dumps4cert ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No


Leave a Reply

Your email address will not be published. Required fields are marked *

  • Categories

  • Tags

  • Hot Exams

  • Hot Exams

  • Hot Catageories

  • microsoft dumps

    62-193 Dumps
    70-243 Dumps
    70-246 Dumps
    70-247 Dumps
    70-331 Dumps
    70-332 Dumps
    70-333 Dumps
    70-334 Dumps
    70-339 Dumps
    70-341 Dumps
    70-342 Dumps
    70-345 Dumps
    70-346 Dumps
    70-347 Dumps
    70-348 Dumps
    70-354 Dumps
    70-355 Dumps
    70-357 Dumps
    70-383 Dumps
    70-384 Dumps
    70-385 Dumps
    70-398 Dumps
    70-410 Dumps
    70-411 Dumps
    70-412 Dumps
    70-413 Dumps
    70-414 Dumps
    70-417 Dumps
    70-461 Dumps
    70-462 Dumps
    70-463 Dumps
    70-464 Dumps
    70-465 Dumps
    70-466 Dumps
    70-467 Dumps
    70-469 Dumps
    70-470 Dumps
    70-473 Dumps
    70-475 Dumps
    70-480 Dumps
    70-481 Dumps
    70-482 Dumps
    70-483 Dumps
    70-484 Dumps
    70-485 Dumps
    70-486 Dumps
    70-487 Dumps
    70-488 Dumps
    70-489 Dumps
    70-490 Dumps
    70-491 Dumps
    70-492 Dumps
    70-494 Dumps
    70-496 Dumps
    70-497 Dumps
    70-498 Dumps
    70-499 Dumps
    70-517 Dumps
    70-532 Dumps
    70-533 Dumps
    70-534 Dumps
    70-535 Dumps
    70-537 Dumps
    70-640 Dumps
    70-642 Dumps
    70-646 Dumps
    70-673 Dumps
    70-680 Dumps
    70-681 Dumps
    70-682 Dumps
    70-684 Dumps
    70-685 Dumps
    70-686 Dumps
    70-687 Dumps
    70-688 Dumps
    70-689 Dumps
    70-692 Dumps
    70-694 Dumps
    70-695 Dumps
    70-696 Dumps
    70-697 Dumps
    70-698 Dumps
    70-703 Dumps
    70-705 Dumps
    70-713 Dumps
    70-734 Dumps
    70-735 Dumps
    70-740 Dumps
    70-741 Dumps
    70-742 Dumps
    70-743 Dumps
    70-744 Dumps
    70-745 Dumps
    70-761 Dumps
    70-762 Dumps
    70-764 Dumps
    70-765 Dumps
    70-767 Dumps
    70-768 Dumps
    70-773 Dumps
    70-774 Dumps
    70-775 Dumps
    70-776 Dumps
    70-778 Dumps
    70-779 Dumps
    70-980 Dumps
    70-981 Dumps
    70-982 Dumps
    74-343 Dumps
    74-344 Dumps
    74-409 Dumps
    74-678 Dumps
    74-697 Dumps
    77-418 Dumps
    77-419 Dumps
    77-420 Dumps
    77-421 Dumps
    77-422 Dumps
    77-423 Dumps
    77-424 Dumps
    77-425 Dumps
    77-426 Dumps
    77-427 Dumps
    77-428 Dumps
    77-600 Dumps
    77-601 Dumps
    77-602 Dumps
    77-603 Dumps
    77-604 Dumps
    77-605 Dumps
    77-725 Dumps
    77-726 Dumps
    77-727 Dumps
    77-728 Dumps
    77-729 Dumps
    77-730 Dumps
    77-731 Dumps
    77-853 Dumps
    77-881 Dumps
    77-882 Dumps
    77-883 Dumps
    77-884 Dumps
    77-885 Dumps
    77-886 Dumps
    77-887 Dumps
    77-888 Dumps
    77-891 Dumps
    98-349 Dumps
    98-361 Dumps
    98-362 Dumps
    98-363 Dumps
    98-364 Dumps
    98-365 Dumps
    98-366 Dumps
    98-367 Dumps
    98-368 Dumps
    98-369 Dumps
    98-372 Dumps
    98-373 Dumps
    98-374 Dumps
    98-375 Dumps
    98-379 Dumps
    98-380 Dumps
    98-381 Dumps
    98-382 Dumps
    98-383 Dumps
    98-388 Dumps
    AZ-100 Dumps
    AZ-101 Dumps
    AZ-102 Dumps
    INF-203x Dumps
    INF-204x Dumps
    INF-205x Dumps
    INF-206x Dumps
    MB2-700 Dumps
    MB2-701 Dumps
    MB2-702 Dumps
    MB2-703 Dumps
    MB2-704 Dumps
    MB2-706 Dumps
    MB2-707 Dumps
    MB2-708 Dumps
    MB2-709 Dumps
    MB2-710 Dumps
    MB2-711 Dumps
    MB2-712 Dumps
    MB2-713 Dumps
    MB2-714 Dumps
    MB2-715 Dumps
    MB2-716 Dumps
    MB2-717 Dumps
    MB2-718 Dumps
    MB2-719 Dumps
    MB2-877 Dumps
    MB5-705 Dumps
    MB6-700 Dumps
    MB6-701 Dumps
    MB6-702 Dumps
    MB6-703 Dumps
    MB6-704 Dumps
    MB6-705 Dumps
    MB6-884 Dumps
    MB6-885 Dumps
    MB6-886 Dumps
    MB6-889 Dumps
    MB6-890 Dumps
    MB6-892 Dumps
    MB6-893 Dumps
    MB6-894 Dumps
    MB6-895 Dumps
    MB6-896 Dumps
    MB6-897 Dumps
    MB6-898 Dumps