[Free] 2018(Aug) Dumps4cert Microsoft 70-640 Dumps with VCE and PDF Download 301-310

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 301 – (Topic 4)

Your network contains an Active Directory domain named contoso.com.

You have an organizational unit (OU) named Sales and an OU named Engineering. You have a Group Policy object (GPO) linked to the domain.

You need to ensure that the settings in the GPO are not processed by user accounts or computer accounts in the Sales OU. You must achieve this goal by using the minimum amount of administrative effort.

What should you do?

  1. Modify the Group Policy permissions.

  2. Enable block inheritance.

  3. Configure the link order.

  4. Enable loopback processing in merge mode.

  5. Enable loopback processing in replace mode.

  6. Configure WMI filtering.

  7. Configure Restricted Groups.

  8. Configure Group Policy Preferences.

  9. Link the GPO to the Sales OU.

  10. Link the GPO to the Engineering OU.

Answer: B

Reference:

http://technet.microsoft.com/en-us/library/cc731076.aspx

Block Inheritance You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.

Question No: 302 – (Topic 4)

Your network contains an Active Directory domain. All DNS servers are domain controllers. You view the properties of the DNS zone as shown in the exhibit. (Click the Exhibit button.)

Dumps4Cert 2018 PDF and VCE

You need to ensure that only domain members can register DNS records in the zone. What should you do first?

  1. Modify the zone type.

  2. Create a trust anchor.

  3. Modify the Advanced properties of the DNS server.

  4. Modify the Dynamic updates setting.

    Answer: A Explanation:

    To ensure that only domain members are allowed to register DNS records we have to:

    1. modify the zone type to Active Directory-Integrated.

    2. set the Dynamic updates option to Secure only, which is only available to Active Directory-Integrated zones.

      Reference 1:

      MCTS Windows Server 庐 2008 Active Directory Configuration Study Guide (Sybex, 2008) page 53

      Secure only-This means that only machines with accounts in Active Directory can register with DNS.

      Before DNS registers any account in its database, it checks Active Directory to make sure that account is an authorized domain computer.

      Reference 2:

      http://technet.microsoft.com/en-us/library/ee649287.aspx

      Secure dynamic update is supported only for Active Directory-integrated zones. If the zone type is configured differently, you must change the zone type and directory-integrate the zone before securing it for DNS dynamic updates.

      Question No: 303 – (Topic 4)

      Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Server 2008 R2 Standard.

      You need to create an enterprise subordinate certification authority (CA) that can issue certificates based on version 3 certificate templates.

      You must achieve this goal by using the minimum amount of administrative effort. What should you do first?

      1. Run the certutil.exe – addenrollmentserver command.

      2. Install the Active Directory Certificate Services (AD CS) role on the member server.

      3. Upgrade the member server to Windows Server 2008 R2 Enterprise.

      4. Run the certutil.exe – installdefaulttemplates command.

Answer: C

Question No: 304 – (Topic 4)

You have an enterprise subordinate certification authority (CA).

You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment.

You increase the template key length to 2,048 bits.

You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template.

Which console should you use?

  1. Group Policy Management MMC Snap-In

  2. Certificates MMC Snap-In on the Certificate Authority

  3. Certificate Templates MMC Snap-In

  4. Certification Authority MMC Snap-In

    Answer: C

    Reference:

    http://technet.microsoft.com/en-us/library/cc771246.aspx

    Re-Enroll All Certificate Holders

    This procedure is used when a critical change is made to the certificate template and you want all subjects that hold a certificate that is based on this template to re-enroll as quickly as possible. The next time the subject verifies the version of the certificate against the version of the template on the certification authority (CA), the subject will re-enroll.

    Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.

    To re-enroll all certificate holders

    1. Open the Certificate Templates snap-in.

    2. Right-click the template that you want to use, and then click Reenroll All Certificate Holders.

      Question No: 305 – (Topic 4)

      Your network contains an Active Directory domain. The domain contains 10 domain controllers that run Windows Server 2008 R2.

      You need to monitor the following information on the domain controllers during the next five days:

      ->Memory usage

      ->Processor usage

      ->The number of LDAP queries

      What should you do?

      1. Create a User Defined Data Collector Set (DCS) that uses the Active Directory Diagnostics template.

      2. Use the System Performance Data Collector Set (DCS).

      3. Create a User Defined Data Collector Set (DCS) that uses the System Performance template.

      4. Use the Active Directory Diagnostics Data Collector Set (DCS).

Answer: A Explanation:

The System Performance Data Collector Set/System Performance template does not monitor Active Directory data (we need the number of LDAP queries). That leaves out answers

B (quot;Use the System Performance Data Collector Set (DCS)quot;) and

C (quot;Create a User Defined Data Collector Set (DCS) that uses the System Performance templatequot;).

Because the Active Directory Diagnostics Data Collector Set (DCS) runs only for 5 minutes and we need to monitor for 5 days we have to use a User Defined Data Collector Set (DCS) that uses the Active Directory Diagnostics template. For a User Defined Data Collector Set we can set the monitoring duration in seconds, minutes, hours, days or weeks.

So we have to create a User Defined Data Collector Set (DCS) that uses the Active Directory Diagnostics template.

Reference:

http://blogs.technet.com/b/askds/archive/2010/06/08/son-of-spa-ad-data-collector-sets-in-

win2008-andbeyond.aspx

AD Data Collector Sets in Win2008 and beyond

The Active Directory Diagnostics data collector set runs for a default of 5 minutes. This duration period cannot be modified for the built-in collector. However, the collection can be stopped manually by clicking the Stop button or from the command line. If reducing or increasing the time that a data collector set runs is required, and manually stopping the collection is not desirable, then see How to Create a User Defined Data Collection Set.

Question No: 306 – (Topic 4)

Your network contains an Active Directory-integrated DNS zone named contoso.com.

You discover that the zone includes DNS records for computers that were removed from the network.

You need to ensure that the DNS records are deleted automatically from the zone. What should you do?

  1. From DNS Manager, set the aging properties.

  2. Create a scheduled task that runs dnslint.exe /v /d contoso.com.

  3. From DNS Manager, modify the refresh interval of the start of authority (SOA) record.

  4. Create a scheduled task that runs ipconfig.exe /flushdns.

    Answer: A

    Reference:

    http://technet.microsoft.com/en-us/library/cc753217.aspx Set Aging and Scavenging Properties for the DNS Server

    The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time. You can use this procedure to set the default aging and scavenging properties for the zones on a server.

    To set aging and scavenging properties for the DNS server using the Windows interface

    1. Open DNS Manager.

    2. In the console tree, right-click the applicable DNS server, and then click Set Aging/Scavenging for all zones.

    3. Select the Scavenge stale resource records check box.

    4. Modify other aging and scavenging properties as needed.

      Question No: 307 – (Topic 4)

      A company has an Active Directory forest. You plan to install an offline Enterprise root certification authority (CA) on a server named CA1. CA1 is a member of the PerimeterNetwork workgroup and is attached to a hardware security module for private key storage.

      You attempt to add the Active Directory Certificate Services (AD CS) server role to CA1. The Enterprise CA option is not available.

      You need to install the AD CS server role as an Enterprise CA on CA1. What should you do first?

      1. Add the DNS Server server role to CA1.

      2. Add the Web Server (IIS) server role and the AD CS server role to CA1.

      3. Add the Active Directory Lightweight Directory Services (AD LDS) server role to CA1.

      4. Join CA1 to the domain.

        Answer: D Explanation:

        Reference 1:

        http://kazmierczak.eu/itblog/2012/09/23/enterprise-ca-option-is-greyed-out-unavailable/ Many times, administrators ask me what to do when installing Active Directory Certificate Services they cannot choose to install Enterprise Certification Authority, because it’s unavailable.

        Well, you need to fulfill basic requirements:

        1. Server machine has to be a member server (domain joined). 2. (…)

          Reference 2: http://social.technet.microsoft.com/Forums/en/w7itproSP/thread/34f95b81-b196-4211- 9a99-a06108521268

          Question No: 308 – (Topic 4)

          Your network contains an Active Directory domain. The domain contains several domain controllers.

          You need to modify the Password Replication Policy on a read-only domain controller (RODC).

          Which tool should you use?

          1. Group Policy Management

          2. Active Directory Domains and Trusts

          3. Active Directory Users and Computers

          4. Computer Management

          5. Security Configuration Wizard

            Answer: C

            Reference:

            http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password- replication-policy.aspx

            Administering the Password Replication Policy

            This topic describes the steps for viewing, configuring, and monitoring the Password Replication Policy (PRP) and password caching for read-only domain controllers (RODCs).

            To configure the PRP using Active Directory Users and Computers

            1. Open Active Directory Users and Computers as a member of the Domain Admins group.

            2. Ensure that you are connected to a writeable domain controller running Windows Server 2008 in the correct domain.

            3. Click Domain Controllers, and in the details pane, right-click the RODC computer

              account, and then click Properties.

            4. Click the Password Replication Policy tab.

            5. The Password Replication Policy tab lists the accounts that, by default, are defined in the Allowed list and the Deny list on the RODC. To add other groups that should be included in either the Allowed list or the Deny list, click Add.

              To add other accounts that will have credentials cached on the RODC, click Allow passwords for the account to replicate to this RODC.

              To add other accounts that are not allowed to have credentials cached on the RODC, click Deny passwords for the account from replicating to this RODC.

              Question No: 309 – (Topic 4)

              Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.

              You need to create a snapshot of Active Directory. What should you do?

              1. Run the dsquery.exe command.

              2. Run the dsamain.exe command.

              3. Create custom views from Event Viewer.

              4. Configure subscriptions from Event Viewer.

              5. Create a Data Collector Set (DCS).

              6. Configure the Active Directory Diagnostics Data Collector Set (DCS).

              7. Run the repadmin.exe command.

              8. Run the ntdsutil.exe command.

              9. Run the Get-ADForest cmdlet.

              10. Run the eventcreate.exe command.

                Answer: H

                Reference:

                http://technet.microsoft.com/en-us/library/cc753609.aspx To create an AD DS or AD LDS snapshot

                1. Log on to a domain controller as a member of the Enterprise Admins groups or the

                  Domain Admins group.

                2. Click Start, right-click Command Prompt, and then click Run as administrator.

                3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

                4. At the elevated command prompt, type the following command, and then press ENTER: ntdsutil

                5. At the ntdsutil prompt, type the following command, and then press ENTER: snapshot

                6. At the snapshot prompt, type the following command, and then press ENTER: activate instance ntds

                7. At the snapshot prompt, type the following command, and then press ENTER: create

                  Question No: 310 – (Topic 4)

                  Your network contains an Active Directory domain named contoso.com.

                  A partner company has an Active Directory domain named nwtraders.com.

                  The networks for contoso.com and nwtraders.com connect to each other by using a WAN link.

                  You need to ensure that users in contoso.com can access resources in nwtraders.com and resources on the Internet.

                  What should you do first?

                  1. Modify the Trusted Root Certification Authorities store.

                  2. Modify the Intermediate Certification Authorities store.

                  3. Create conditional forwarders.

                  4. Add a root hint to the DNS server.

Answer: C

Reference:

MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) pages 114-115

Conditional Forwarders

You can configure a DNS server as a conditional forwarder. This is a DNS server that handles name resolution for specified domains only. In other words, the local DNS server will forward all the queries that it receives for names ending with a specific domain name to the conditional forwarder. This is especially useful in situations where users in your company need access to resources in another company with a separate AD DS forest and DNS zones, such as a partner company. In such a case, specify a conditional forwarder that directs such queries to the DNS server in the partner company while other queries are forwarded to the Internet. Doing so reduces the need for adding secondary zones for partner companies on your DNS servers.

100% Dumps4cert Free Download!
70-640 PDF
100% Dumps4cert Pass Guaranteed!
70-640 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No


Leave a Reply

Your email address will not be published. Required fields are marked *

  • Categories

  • Tags

  • Hot Exams

  • Hot Exams

  • Hot Catageories

  • microsoft dumps

    62-193 Dumps
    70-243 Dumps
    70-246 Dumps
    70-247 Dumps
    70-331 Dumps
    70-332 Dumps
    70-333 Dumps
    70-334 Dumps
    70-339 Dumps
    70-341 Dumps
    70-342 Dumps
    70-345 Dumps
    70-346 Dumps
    70-347 Dumps
    70-348 Dumps
    70-354 Dumps
    70-355 Dumps
    70-357 Dumps
    70-383 Dumps
    70-384 Dumps
    70-385 Dumps
    70-398 Dumps
    70-410 Dumps
    70-411 Dumps
    70-412 Dumps
    70-413 Dumps
    70-414 Dumps
    70-417 Dumps
    70-461 Dumps
    70-462 Dumps
    70-463 Dumps
    70-464 Dumps
    70-465 Dumps
    70-466 Dumps
    70-467 Dumps
    70-469 Dumps
    70-470 Dumps
    70-473 Dumps
    70-475 Dumps
    70-480 Dumps
    70-481 Dumps
    70-482 Dumps
    70-483 Dumps
    70-484 Dumps
    70-485 Dumps
    70-486 Dumps
    70-487 Dumps
    70-488 Dumps
    70-489 Dumps
    70-490 Dumps
    70-491 Dumps
    70-492 Dumps
    70-494 Dumps
    70-496 Dumps
    70-497 Dumps
    70-498 Dumps
    70-499 Dumps
    70-517 Dumps
    70-532 Dumps
    70-533 Dumps
    70-534 Dumps
    70-535 Dumps
    70-537 Dumps
    70-640 Dumps
    70-642 Dumps
    70-646 Dumps
    70-673 Dumps
    70-680 Dumps
    70-681 Dumps
    70-682 Dumps
    70-684 Dumps
    70-685 Dumps
    70-686 Dumps
    70-687 Dumps
    70-688 Dumps
    70-689 Dumps
    70-692 Dumps
    70-694 Dumps
    70-695 Dumps
    70-696 Dumps
    70-697 Dumps
    70-698 Dumps
    70-703 Dumps
    70-705 Dumps
    70-713 Dumps
    70-734 Dumps
    70-735 Dumps
    70-740 Dumps
    70-741 Dumps
    70-742 Dumps
    70-743 Dumps
    70-744 Dumps
    70-745 Dumps
    70-761 Dumps
    70-762 Dumps
    70-764 Dumps
    70-765 Dumps
    70-767 Dumps
    70-768 Dumps
    70-773 Dumps
    70-774 Dumps
    70-775 Dumps
    70-776 Dumps
    70-778 Dumps
    70-779 Dumps
    70-980 Dumps
    70-981 Dumps
    70-982 Dumps
    74-343 Dumps
    74-344 Dumps
    74-409 Dumps
    74-678 Dumps
    74-697 Dumps
    77-418 Dumps
    77-419 Dumps
    77-420 Dumps
    77-421 Dumps
    77-422 Dumps
    77-423 Dumps
    77-424 Dumps
    77-425 Dumps
    77-426 Dumps
    77-427 Dumps
    77-428 Dumps
    77-600 Dumps
    77-601 Dumps
    77-602 Dumps
    77-603 Dumps
    77-604 Dumps
    77-605 Dumps
    77-725 Dumps
    77-726 Dumps
    77-727 Dumps
    77-728 Dumps
    77-729 Dumps
    77-730 Dumps
    77-731 Dumps
    77-853 Dumps
    77-881 Dumps
    77-882 Dumps
    77-883 Dumps
    77-884 Dumps
    77-885 Dumps
    77-886 Dumps
    77-887 Dumps
    77-888 Dumps
    77-891 Dumps
    98-349 Dumps
    98-361 Dumps
    98-362 Dumps
    98-363 Dumps
    98-364 Dumps
    98-365 Dumps
    98-366 Dumps
    98-367 Dumps
    98-368 Dumps
    98-369 Dumps
    98-372 Dumps
    98-373 Dumps
    98-374 Dumps
    98-375 Dumps
    98-379 Dumps
    98-380 Dumps
    98-381 Dumps
    98-382 Dumps
    98-383 Dumps
    98-388 Dumps
    AZ-100 Dumps
    AZ-101 Dumps
    AZ-102 Dumps
    INF-203x Dumps
    INF-204x Dumps
    INF-205x Dumps
    INF-206x Dumps
    MB2-700 Dumps
    MB2-701 Dumps
    MB2-702 Dumps
    MB2-703 Dumps
    MB2-704 Dumps
    MB2-706 Dumps
    MB2-707 Dumps
    MB2-708 Dumps
    MB2-709 Dumps
    MB2-710 Dumps
    MB2-711 Dumps
    MB2-712 Dumps
    MB2-713 Dumps
    MB2-714 Dumps
    MB2-715 Dumps
    MB2-716 Dumps
    MB2-717 Dumps
    MB2-718 Dumps
    MB2-719 Dumps
    MB2-877 Dumps
    MB5-705 Dumps
    MB6-700 Dumps
    MB6-701 Dumps
    MB6-702 Dumps
    MB6-703 Dumps
    MB6-704 Dumps
    MB6-705 Dumps
    MB6-884 Dumps
    MB6-885 Dumps
    MB6-886 Dumps
    MB6-889 Dumps
    MB6-890 Dumps
    MB6-892 Dumps
    MB6-893 Dumps
    MB6-894 Dumps
    MB6-895 Dumps
    MB6-896 Dumps
    MB6-897 Dumps
    MB6-898 Dumps