[Free] 2018(Aug) Dumps4cert Microsoft 70-640 Dumps with VCE and PDF Download 291-300

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 291 – (Topic 3)

You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers.

You need to monitor the replication of the group policy template files. Which tool should you use?

  1. Dfsrdiag

  2. Fsutil

  3. Ntdsutil

  4. Ntfrsutl

Answer: A Explanation:

With domain functional level 2008 you have available dfs-r sysvol replication. So with DFL2008 you can use the DFSRDIAG tool. It is not available with domain functional level 2003.

With domain functional level 2003 you can only use Ntfrsutl.

Question No: 292 – (Topic 3)

Your network contains an Active Directory domain.

You need to restore a deleted computer account from the Active Directory Recycle Bin. What should you do?

  1. From the command prompt, run recover.exe.

  2. From the command prompt, run ntdsutil.exe.

  3. From the Active Directory Module for Windows PowerShell, run the Restore-Computer cmdlet.

  4. From the Active Directory Module for Windows PowerShell, run the Restore-ADObject

    cmdlet.

    Answer: D Explanation:

    http://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx Step 2: Restore a Deleted Active Directory Object

    Applies To: Windows Server 2008 R2

    This step provides instructions for completing the following tasks with Active Directory Recycle Bin:

    Displaying the Deleted Objects container

    Restoring a deleted Active Directory object using Ldp.exe

    Restoring a deleted Active Directory object using the Get-ADObject and Restore-ADObject cmdlets

    Restoring multiple, deleted Active Directory objects

    To restore a single, deleted Active Directory object using the Get-ADObject and Restore- ADObject cmdlets

    1. Click Start, click Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.

    2. At the Active Directory module for Windows PowerShell command prompt, type the following command, and then press ENTER:

      Get-ADObject -Filter {String} -IncludeDeletedObjects | Restore-ADObject

      For example, if you want to restore an accidentally deleted user object with the display name Mary, type the following command, and then press ENTER:

      Get-ADObject -Filter {displayName -eq quot;Maryquot;} -IncludeDeletedObjects | Restore-ADObject http://blogs.msdn.com/b/dsadsi/archive/2009/08/26/restoring-object-from-the-active- directory-recycle-binusing-ad-powershell.aspx

      Restoring object from the Active Directory Recycle Bin using AD Powershell

      Question No: 293 – (Topic 3)

      Your network contains a single Active Directory domain. A domain controller named DC2 fails.

      You need to remove DC2 from Active Directory.

      Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

      1. At the command prompt, run dcdiag.exe /fix.

      2. At the command prompt, run netdom.exe remove dc2.

      3. From Active Directory Sites and Services, delete DC2.

      4. From Active Directory Users and Computers, delete DC2.

        Answer: C,D

        Reference:

        http://technet.microsoft.com/en-us/library/cc816907.aspx Clean Up Server Metadata

        Metadata cleanup is a required procedure after a forced removal of Active Directory Domain Services (AD DS).

        You perform metadata cleanup on a domain controller in the domain of the domain controller that you forcibly removed. Metadata cleanup removes data from AD DS that identifies a domain controller to the replication system.

        Clean up server metadata by using GUI tools

        Clean up server metadata by using Active Directory Users and Computers

        1. Open Active Directory Users and Computers: On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers.

        2. Expand the domain of the domain controller that was forcibly removed, and then click Domain Controllers.

        3. In the details pane, right-click the computer object of the domain controller whose metadata you want to clean up, and then click Delete.

Clean up server metadata by using Active Directory Sites and Services

  1. Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services

  2. Expand the site of the domain controller that was forcibly removed, expand Servers, expand the name of the domain controller, right-click the NTDS Settings object, and then click Delete.

    Question No: 294 – (Topic 3)

    Your network contains an Active Directory domain. The domain contains two sites named

    Site1 and Site2. Site 1 contains five domain controllers. Site2 contains one read-only domain controller (RODC). Site1 and Site2 connect to each other by using a slow WAN link.

    You discover that the cached password for a user named User1 is compromised on the RODC.

    On a domain controller in Site1, you change the password for User1.

    You need to replicate the new password for User1 to the RODC immediately. The solution must not replicate other objects to the RODC.

    Which tool should you use?

    1. Active Directory Sites and Services

    2. Active Directory Users and Computers

    3. Repadmin

    4. Replmon

Answer: C

Reference:

http://technet.microsoft.com/en-us/library/cc742095.aspx Repadmin /rodcpwdrepl

Triggers replication of passwords for the specified users from a writable Windows Server 2008 source domain controller to one or more read-only domain controllers (RODCs).

Example:

The following example triggers replication of the passwords for the user account named JaneOh from the source domain controller named source-dc01 to all RODCs that have the name prefix dest-rodc:

repadmin /rodcpwdrepl dest-rodc* source-dc01 cn=JaneOh,ou=execs,dc=contoso,dc=com

Question No: 295 – (Topic 3)

You install a standalone root certification authority (CA) on a server named Server1.

You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer#39;s Trusted Root Certification Authorities store.

Which command should you run on Server1?

  1. certreq.exe and specify the -accept parameter

  2. certreq.exe and specify the -retrieve parameter

  3. certutil.exe and specify the -dspublish parameter

  4. certutil.exe and specify the -importcert parameter

Answer: C

Reference:

http://technet.microsoft.com/en-us/library/cc732443.aspx

Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, back up and restore CA components, and verify certificates, key pairs, and certificate chains.

Syntax

Certutil lt;-parametergt; [-parameter] Parameter

-dsPublish

Publish a certificate or certificate revocation list (CRL) to Active Directory

Question No: 296 – (Topic 3)

You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template.

You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. In a Group Policy object (GPO), configure the autoenrollment settings.

  2. In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.

  3. On the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.

  4. On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.

Answer: A,D

Reference:

http://technet.microsoft.com/en-us/library/dd379539.aspx

To automatically enroll client computers for certificates in a domain environment, you must: Configure an autoenrollment policy for the domain.

(…)

In Configuration Model, select Enabled to enable autoenrollment. Configure certificate templates for autoenrollment.

(…)

In the Permissions for Authenticated Users list, select Read, Enroll, and Autoenroll in the Allow column, and then click OK and Close to finish

Configure an enterprise CA.

Question No: 297 – (Topic 3)

Your network contains an Active Directory domain named contoso.com.

You need to audit changes to a service account. The solution must ensure that the audit logs contain the before and after values of all the changes.

Which security policy setting should you configure?

  1. Audit Sensitive Privilege Use

  2. Audit User Account Management

  3. Audit Directory Service Changes

  4. Audit Other Account Management Events

Answer: C Explanation:

Reference 1:

http://technet.microsoft.com/en-us/library/dd772641.aspx

Audit Directory Service Changes

This security policy setting determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (AD DS). Reference 2:

http://technet.microsoft.com/en-us/library/cc731607.aspx AD DS Auditing Step-by-Step Guide

This guide includes a description of the new Active Directory庐 Domain Services (AD DS) auditing feature in Windows Server庐 2008. With the new auditing feature, you can log events that show old and new values; for example, you can show that Joe#39;s favorite drink changed from single latte to triple-shot latte.

Question No: 298 – (Topic 3)

Your network contains an Active Directory forest. The forest contains an Active Directory site for a remote office. The remote site contains a read-only domain controller (RODC).

You need to configure the RODC to store only the passwords of users in the remote site. What should you do?

  1. Create a Password Settings object (PSO).

  2. Modify the Partial-Attribute-Set attribute of the forest.

  3. Add the user accounts of the remote site users to the Allowed RODC Password Replication Group.

  4. Add the user accounts of users who are not in the remote site to the Denied RODC Password Replication Group.

Answer: C

Reference:

http://technet.microsoft.com/en-us/library/cc730883.aspx Password Replication Policy Allowed and Denied lists

Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password

Replication Group.

These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added to the msDS-RevealOnDemandGroup and msDSNeverRevealGroup

Active Directory attributes mentioned earlier.

Question No: 299 – (Topic 3)

Your network contains two Active Directory forests named contoso.com and nwtraders.com. Active Directory Rights Management Services (AD RMS) is deployed in each forest.

You need to ensure that users from the nwtraders.com forest can access AD RMS protected content in the contoso.com forest.

What should you do?

  1. Add a trusted user domain to the AD RMS cluster in the nwtraders.com domain.

  2. Create an external trust from nwtraders.com to contoso.com.

  3. Add a trusted user domain to the AD RMS cluster in the contoso.com domain.

  4. Create an external trust from contoso.com to nwtraders.com.

Answer: C

Reference:

http://technet.microsoft.com/en-us/library/hh311036.aspx Using AD RMS trust

It is not necessary to create trust or federation relationships between the Active Directory forests of organizations to be able to share rights-protected information between separate organizations. AD RMS provides two types of trust relationships that provide this kind of rights-protected information exchange. A trusted user domain (TUD) allows the AD RMS root cluster to process requests for client licensor certificates or use licenses from users

whose rights account certificates (RACs) were issued by a different AD RMS root cluster. You add a trusted user domain by importing the server licensor certificate of the AD RMS cluster to trust.

Question No: 300 – (Topic 3)

Your network contains an Active Directory domain. The domain contains four domain controllers.

You modify the Active Directory schema.

You need to verify that all the domain controllers received the schema modification. Which command should you run?

  1. dcdiag.exe /a

  2. netdom.exe query fsmo

  3. repadmin.exe /showrepl *

  4. sc.exe query ntds

Answer: C Explanation:

http://blogs.technet.com/b/askds/archive/2009/07/01/getting-over-replmon.aspx Getting Over Replmon

Status Checking Replmon had the option to generate a status report text file. It could tell you which servers were configured to replicate with each other, if they had any errors, and so on. It was pretty useful actually, and one of the main reasons people liked the tool.

Repadmin.exe offers similar functionality within a few of its command line options. For example, we can get a summary report:

Repadmin /replsummary *

Dumps4Cert 2018 PDF and VCE

C:\Documents and Settings\usernwz1\Desktop\1.PNG

Several DCs have been taken offline. Repadmin shows the correct error of 58 – that the other DCs are not available and cannot tell you their status.

You can also use more verbose commands with Repadmin to see details about which DCs are or are not replicating:

Repadmin /showrepl *

Dumps4Cert 2018 PDF and VCE

C:\Documents and Settings\usernwz1\Desktop\1.PNG

Topic 4, Volume D

100% Dumps4cert Free Download!
70-640 PDF
100% Dumps4cert Pass Guaranteed!
70-640 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No


Leave a Reply

Your email address will not be published. Required fields are marked *

  • Categories

  • Tags

  • Hot Exams

  • Hot Exams

  • Hot Catageories

  • microsoft dumps

    62-193 Dumps
    70-243 Dumps
    70-246 Dumps
    70-247 Dumps
    70-331 Dumps
    70-332 Dumps
    70-333 Dumps
    70-334 Dumps
    70-339 Dumps
    70-341 Dumps
    70-342 Dumps
    70-345 Dumps
    70-346 Dumps
    70-347 Dumps
    70-348 Dumps
    70-354 Dumps
    70-355 Dumps
    70-357 Dumps
    70-383 Dumps
    70-384 Dumps
    70-385 Dumps
    70-398 Dumps
    70-410 Dumps
    70-411 Dumps
    70-412 Dumps
    70-413 Dumps
    70-414 Dumps
    70-417 Dumps
    70-461 Dumps
    70-462 Dumps
    70-463 Dumps
    70-464 Dumps
    70-465 Dumps
    70-466 Dumps
    70-467 Dumps
    70-469 Dumps
    70-470 Dumps
    70-473 Dumps
    70-475 Dumps
    70-480 Dumps
    70-481 Dumps
    70-482 Dumps
    70-483 Dumps
    70-484 Dumps
    70-485 Dumps
    70-486 Dumps
    70-487 Dumps
    70-488 Dumps
    70-489 Dumps
    70-490 Dumps
    70-491 Dumps
    70-492 Dumps
    70-494 Dumps
    70-496 Dumps
    70-497 Dumps
    70-498 Dumps
    70-499 Dumps
    70-517 Dumps
    70-532 Dumps
    70-533 Dumps
    70-534 Dumps
    70-535 Dumps
    70-537 Dumps
    70-640 Dumps
    70-642 Dumps
    70-646 Dumps
    70-673 Dumps
    70-680 Dumps
    70-681 Dumps
    70-682 Dumps
    70-684 Dumps
    70-685 Dumps
    70-686 Dumps
    70-687 Dumps
    70-688 Dumps
    70-689 Dumps
    70-692 Dumps
    70-694 Dumps
    70-695 Dumps
    70-696 Dumps
    70-697 Dumps
    70-698 Dumps
    70-703 Dumps
    70-705 Dumps
    70-713 Dumps
    70-734 Dumps
    70-735 Dumps
    70-740 Dumps
    70-741 Dumps
    70-742 Dumps
    70-743 Dumps
    70-744 Dumps
    70-745 Dumps
    70-761 Dumps
    70-762 Dumps
    70-764 Dumps
    70-765 Dumps
    70-767 Dumps
    70-768 Dumps
    70-773 Dumps
    70-774 Dumps
    70-775 Dumps
    70-776 Dumps
    70-778 Dumps
    70-779 Dumps
    70-980 Dumps
    70-981 Dumps
    70-982 Dumps
    74-343 Dumps
    74-344 Dumps
    74-409 Dumps
    74-678 Dumps
    74-697 Dumps
    77-418 Dumps
    77-419 Dumps
    77-420 Dumps
    77-421 Dumps
    77-422 Dumps
    77-423 Dumps
    77-424 Dumps
    77-425 Dumps
    77-426 Dumps
    77-427 Dumps
    77-428 Dumps
    77-600 Dumps
    77-601 Dumps
    77-602 Dumps
    77-603 Dumps
    77-604 Dumps
    77-605 Dumps
    77-725 Dumps
    77-726 Dumps
    77-727 Dumps
    77-728 Dumps
    77-729 Dumps
    77-730 Dumps
    77-731 Dumps
    77-853 Dumps
    77-881 Dumps
    77-882 Dumps
    77-883 Dumps
    77-884 Dumps
    77-885 Dumps
    77-886 Dumps
    77-887 Dumps
    77-888 Dumps
    77-891 Dumps
    98-349 Dumps
    98-361 Dumps
    98-362 Dumps
    98-363 Dumps
    98-364 Dumps
    98-365 Dumps
    98-366 Dumps
    98-367 Dumps
    98-368 Dumps
    98-369 Dumps
    98-372 Dumps
    98-373 Dumps
    98-374 Dumps
    98-375 Dumps
    98-379 Dumps
    98-380 Dumps
    98-381 Dumps
    98-382 Dumps
    98-383 Dumps
    98-388 Dumps
    AZ-100 Dumps
    AZ-101 Dumps
    AZ-102 Dumps
    INF-203x Dumps
    INF-204x Dumps
    INF-205x Dumps
    INF-206x Dumps
    MB2-700 Dumps
    MB2-701 Dumps
    MB2-702 Dumps
    MB2-703 Dumps
    MB2-704 Dumps
    MB2-706 Dumps
    MB2-707 Dumps
    MB2-708 Dumps
    MB2-709 Dumps
    MB2-710 Dumps
    MB2-711 Dumps
    MB2-712 Dumps
    MB2-713 Dumps
    MB2-714 Dumps
    MB2-715 Dumps
    MB2-716 Dumps
    MB2-717 Dumps
    MB2-718 Dumps
    MB2-719 Dumps
    MB2-877 Dumps
    MB5-705 Dumps
    MB6-700 Dumps
    MB6-701 Dumps
    MB6-702 Dumps
    MB6-703 Dumps
    MB6-704 Dumps
    MB6-705 Dumps
    MB6-884 Dumps
    MB6-885 Dumps
    MB6-886 Dumps
    MB6-889 Dumps
    MB6-890 Dumps
    MB6-892 Dumps
    MB6-893 Dumps
    MB6-894 Dumps
    MB6-895 Dumps
    MB6-896 Dumps
    MB6-897 Dumps
    MB6-898 Dumps