[Free] 2018(Aug) Dumps4cert Microsoft 70-640 Dumps with VCE and PDF Download 331-340

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 331 – (Topic 4)

Your network contains an Active Directory domain. The domain contains an organizational unit (OU) named OU1. OU1 contains all managed service accounts in the domain.

You need to prevent the managed service accounts from being deleted accidentally from OU1.

Which cmdlet should you use?

  1. Set-ADUser

  2. Set-ADOrganizationalUnit

  3. Set-ADServiceAccount

  4. Set-ADObject

Answer: D Explanation:

You can use Set-ADOrganizationalUnit and the -ProtectedFromAccidentalDeletion $true parameter to prevent OU1 from being deleted accidentally, but you would still be able to delete the accounts inside it. Use Set-ADObject to protect the accounts.


http://technet.microsoft.com/en-us/library/hh852326.aspx Set-ADObject Modifies an Active Directory object.


-ProtectedFromAccidentalDeletion lt;Booleangt;Specifies whether to prevent the object from being deleted. When this property is set to true, you cannot delete the corresponding object without changing the value of the property. Possible values for this parameter include:

$false or 0

$true or 1

The following example shows how to set this parameter to true.

-ProtectedFromAccidentalDeletion $true

Question No: 332 DRAG DROP – (Topic 4)

Your company plans to open a new branch office.

The new office will have a low-speed connection to the Internet.

You plan to deploy a read-only domain controller (RODC) in the branch office.

You need to create an offline copy of the Active Directory database that can be used to install the Active Directory on the new RODC.

Which commands should you run from Ntdsutil?

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Dumps4Cert 2018 PDF and VCE


Dumps4Cert 2018 PDF and VCE

Question No: 333 – (Topic 4)

A domain controller named DC4 runs Windows Server 2008 R2. DC4 is configured as a DNS server for fabrikam.com.

You install the DNS Server server role on a member server named DNS1 and then you create a standard secondary zone for fabrikam.com. You configure DC4 as the master server for the zone.

You need to ensure that DNS1 receives zone updates from DC4. What should you do?

  1. Add the DNS1 computer account to the DNSUpdateProxy group.

  2. On DC4, modify the permissions offabrikam.com zone.

  3. On DNS1, add a conditional forwarder.

  4. On DC4, modify the zone transfer settings for the fabrikam.com zone.

    Answer: D


    http://technet.microsoft.com/en-us/library/cc771652.aspx Modify Zone Transfer Settings

    You can use the following procedure to control whether a zone will be transferred to other servers and which servers can receive the zone transfer.

    To modify zone transfer settings using the Windows interface

    1. Open DNS Manager.

    2. Right-click a DNS zone, and then click Properties.

    3. On the Zone Transfers tab, do one of the following:

      To disable zone transfers, clear the Allow zone transfers check box. To allow zone transfers, select the Allow zone transfers check box.

    4. If you allowed zone transfers, do one of the following: To allow zone transfers to any server, click To any server.

      To allow zone transfers only to the DNS servers that are listed on the Name Servers tab, click Only to servers listed on the Name Servers tab.

      To allow zone transfers only to specific DNS servers, click Only to the following servers, and then add the IP address of one or more DNS servers.

      Question No: 334 – (Topic 4)

      Your network contains an Active Directory domain named litwareinc.com. The domain contains two sites named Sitel and Site2. Site2 contains a read-only domain controller (RODC).

      You need to identify which user accounts attempted to authenticate to the RODC. Which tool should you use?

      1. Active Directory Users and Computers

      2. Ntdsutil

      3. Get-ADAccountResultantPasswordReplicationPolicy

      4. Adtest

Answer: A Explanation:

Original answer was C (quot;Get-ADAccountResultantPasswordReplicationPolicyquot;). Ntdsutil cannot be used for this.


Get-ADAccountResultantPasswordReplicationPolicy is used to get the members of the allowed list or denied list of a read-only domain controller#39;s password replication policy. Get-

ADDomainControllerPasswordReplicationPolicyUsage could be used, but is not listed. http://technet.microsoft.com/en-us/library/ee617207.aspx

Adtest is used for perfomance testing. Reference 1:


Review whose accounts have been authenticated to an RODC

Periodically, you should review whose accounts have been authenticated to an RODC. (…) You can use Active Directory Users and Computers or repadmin /prp to review whose

accounts have been authenticated to an RODC. Reference 2:

http://technet.microsoft.com/en-us/library/83a6daba-cdde-4606-97a3- ebb9d7fa6bf(v=ws.10)#BKMK_Auth2

Gives a step by step explanation on using Active Directory Users and Computers.

Old explanation:

Get-ADDomainControllerPasswordReplicationPolicyUsage o get accounts that are authenticated by the RODC, use the AuthenticatedAccounts parameter. To get the accounts that have passwords stored on the RODC, use the RevealedAccounts parameter. http://technet.microsoft.com/en-us/library/ee617194.aspx

Question No: 335 – (Topic 4)

Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link.Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.

The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone.

You install a new domain controller named DC2 in the branch office. You install DNS on DC2.

You need to ensure that the DNS service can update records and resolve DNS queries in the event that aWAN link fails.

What should you do?

  1. Create a new secondary zone named ad.contoso.com on DC2.

  2. Create a new stub zone named ad.contoso.com on DC2.

  3. Configure the DNS server on DC2 to forward requests to DC1.

  4. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.

Answer: D Explanation:

Three answers don#39;t make sense, leaving us with the one that works. Create a new secondary zone named ad.contoso.com on DC2.

This would create a read-only zone, so it couldn#39;t be updated Create a new stub zone named ad.contoso.com on DC2.

This stub zone would contain source information about authoritative name servers for its zone only, being DC1, but that one would be unavailable in the WAN link fails.

Configure the DNS server on DC2 to forward requests to DC1. This doesn#39;t help if the WAN link fails and DC1 is unavailable.

Question No: 336 – (Topic 4)

You have a client computer named Computer1 that runs Windows 7. On Computer1, you configure a source-initiated subscription.

You configure the subscription to retrieve all events from the Windows logs of a domain controller named DC1.

The subscription is configured to use the HTTP protocol.

You discover that events from the Security log of DC1 are not collected on Computer1. Events from the

Application log of DC1 and the System log of DC1 are collected on Computer1.

You need to ensure that events from the Security log of DC1 are collected on Computer1. What should you do?

  1. Add the computer account of Computer1 to the Event Log Readers group on the domain controller.

  2. Add the Network Service security principal to the Event Log Readers group on the domain.

  3. Configure the subscription to use custom Event Delivery Optimization settings.

  4. Configure the subscription to use the HTTPS protocol.

    Answer: B


    Reference 1:

    http://blogs.technet.com/b/askds/archive/2011/08/29/the-security-log-haystack-event- forwarding-and-you.aspx

    Preparing Windows Server 2008 and Windows Server 2008 R2

    You have to prepare your Windows Server 2008/2008 R2 machines for collection of security events. To do this, simply add the Network Service account to the Built-in Event Log Readers group.

    Reference 2:

    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/8434ffb3-1621- 4bc5-8311-66d88b215886/

    How to collect security logs using event forwarding?

    For Windows Vista, Windows Server 2008 and later version of clients, please follow the steps below to configure it.

    1. Click start-gt;run, type CompMgmt.msc to open Computer Management Console.

    2. Under Local Users and Groups, click Groups-gt;Event Log Readers to open Event Log Readers Properties.

    3. Click Add, then click Location button, select your computer and click OK.

    4. Click Object Types button, check the checkbox of Build-in security principals and click OK.

    5. Add “Network Service”build-in account to Event Log Readers group.

    6. Reboot the client computer.

      After these steps have been taken, you will see the security event logs in the Forwarded Events on your event collector.

      Question No: 337 – (Topic 4)

      You create a user account template for the marketing department.

      When you copy the user account template, you discover that the Web page attribute is not copied.

      You need to preserve the Web page attribute when you copy the user account template. What should you do?

      1. From Active Directory Administrative Center, modify the value of the wWWHomePage attribute for the user account template.

      2. From the Active Directory Schema snap-in, modify the properties of the user class.

      3. From Active Directory Users and Computers, modify the value of the wWWHomePage attribute for the user account template.

      4. From ADSI Edit, modify the properties of the wWWHomePage attribute.

Answer: B



You can modify which default attributes are carried over to a newly copied user or specify additional attributes that will be copied to the new user. To do this, open the Active Directory Schema snap-in, view the desired attribute properties, and select (or clear) the Attribute is copied when duplicating user check box. You can modify or add only the attributes that are instances of the user class.

Question No: 338 – (Topic 4)

Your network contains an Active Directory forest named adatum.com. The DNS infrastructure fails.

You rebuild the DNS infrastructure.

You need to force the registration of the Active Directory Service Locator (SRV) records in DNS.

Which service should you restart on the domain controllers?

  1. Netlogon

  2. DNS Server

  3. Network Location Awareness

  4. Network Store Interface Service

  5. Online Responder Service

Answer: A


MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT

Certification, 2010) page 62

The SRV resource records for a domain controller are important in enabling clients to locate the domain controller. The Netlogon service on domain controllers registers this resource record whenever a domain controller is restarted. You can also re-register a domain controller’s SRV resource records by restarting this service from the Services branch of Server Manager or by typing net start netlogon. An exam question might ask you how to troubleshoot the nonregistration of SRV resource records.

Question No: 339 – (Topic 4)

Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise.

You enable key archival on the CA. The CA is configured to use custom certificate templates for Encrypted File System (EFS) certificates.

You need to archive the private key for all new EFS certificates. Which snap-in should you use?

  1. Active Directory Users and Computers

  2. Authorization Manager

  3. Group Policy Management

  4. Enterprise PKI

  5. Security Templates

  6. TPM Management

  7. Certificates

  8. Certification Authority

  9. Certificate Templates

Answer: I


http://technet.microsoft.com/en-us/library/cc753826.aspx Configure a Certificate Template for Key Archival

The key archival process takes place when a certificate is issued. Therefore, a certificate template must be modified to archive keys before any certificates are issued based on this


Key archival is strongly recommended for use with the Basic Encrypting File System (EFS) certificate template in order to protect users from data loss, but it can also be useful when applied to other types of certificates.

To configure a certificate template for key archival and recovery

  1. Open the Certificate Templates snap-in.

  2. In the details pane, right-click the certificate template that you want to change, and then click Duplicate Template.

  3. In the Duplicate Template dialog box, click Windows Server 2003 Enterprise unless all of your certification authorities (CAs) and client computers are running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

  4. In Template, type a new template display name, and then modify any other optional properties as needed.

  5. On the Security tab, click Add, type the name of the users or groups you want to issue the certificates to, and then click OK.

  6. Under Group or user names, select the user or group names that you just added. Under Permissions, select the Read and Enroll check boxes, and if you want to automatically issue the certificate, also select the Autoenroll check box.

  7. On the Request Handling tab, select the Archive subject#39;s encryption private key check box.

    Original explanation: http://technet.microsoft.com/en-us/library/cc730721 Original explanation: http://technet.microsoft.com/en-us/library/cc730721

    Question No: 340 – (Topic 4)

    Your network contains an Active Directory domain named contoso.com. Contoso.com contains two sites named Site1 and Site2. Site1 contains a domain controller named DC1.

    In Site1, you install a new domain controller named DC2. You ship DC2 to Site2.

    You discover that certain users in Site2 authenticate to DC1.

    You need to ensure that the users in Site2 always attempt to authenticate to DC2 first. What should you do?

    1. From Active Directory Users and Computers, modify the Location settings of the DC2 computer object.

    2. From Active Directory Sites and Services, modify the Location attribute for Site2.

    3. From Active Directory Sites and Services, move the DC2 server object.

    4. From Active Directory Users and Computers, move the DC2 computer object.

      Answer: C Explanation:

      DC2 may be shipped to Site2, but it#39;s not yet associated properly with Site2 in Active Directory.


      http://technet.microsoft.com/en-us/library/cc816674.aspx To move a server object to a new site

      1. Open Active Directory Sites and Services.

      2. In the console tree, expand Sites and the site in which the server object resides.

      3. Expand Servers to display the domain controllers that are currently configured for that site.

      4. Right-click the server object that you want to move, and then click Move.

      5. In Site Name, click the destination site, and then click OK.

      6. Expand the site object to which you moved the server, and then expand the Servers container.

      7. Verify that an object for the server that you moved exists.

      8. Expand the server object, and verify that an NTDS Settings object exists. Reference2:

        http://technet.microsoft.com/en-us/library/cc754697.aspx Using sites

        Sites help facilitate several activities, including: (…)

        Authentication. Site information helps make authentication faster and more efficient. When a client logs on to a domain, it first requests a domain controller in its local site for authentication. By establishing sites, you can ensure that clients use domain controllers that are nearest to them for authentication, which reduces authentication latency and traffic on wide area network (WAN) connections.

        100% Dumps4cert Free Download!
        70-640 PDF
        100% Dumps4cert Pass Guaranteed!
        70-640 Dumps

        Dumps4cert ExamCollection Testking
        Lowest Price Guarantee Yes No No
        Up-to-Dated Yes No No
        Real Questions Yes No No
        Explanation Yes No No
        PDF VCE Yes No No
        Free VCE Simulator Yes No No
        Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

  • Categories

  • Tags

  • Hot Exams

  • Hot Exams

  • Hot Catageories

  • microsoft dumps

    62-193 Dumps
    70-243 Dumps
    70-246 Dumps
    70-247 Dumps
    70-331 Dumps
    70-332 Dumps
    70-333 Dumps
    70-334 Dumps
    70-339 Dumps
    70-341 Dumps
    70-342 Dumps
    70-345 Dumps
    70-346 Dumps
    70-347 Dumps
    70-348 Dumps
    70-354 Dumps
    70-355 Dumps
    70-357 Dumps
    70-383 Dumps
    70-384 Dumps
    70-385 Dumps
    70-398 Dumps
    70-410 Dumps
    70-411 Dumps
    70-412 Dumps
    70-413 Dumps
    70-414 Dumps
    70-417 Dumps
    70-461 Dumps
    70-462 Dumps
    70-463 Dumps
    70-464 Dumps
    70-465 Dumps
    70-466 Dumps
    70-467 Dumps
    70-469 Dumps
    70-470 Dumps
    70-473 Dumps
    70-475 Dumps
    70-480 Dumps
    70-481 Dumps
    70-482 Dumps
    70-483 Dumps
    70-484 Dumps
    70-485 Dumps
    70-486 Dumps
    70-487 Dumps
    70-488 Dumps
    70-489 Dumps
    70-490 Dumps
    70-491 Dumps
    70-492 Dumps
    70-494 Dumps
    70-496 Dumps
    70-497 Dumps
    70-498 Dumps
    70-499 Dumps
    70-517 Dumps
    70-532 Dumps
    70-533 Dumps
    70-534 Dumps
    70-535 Dumps
    70-537 Dumps
    70-640 Dumps
    70-642 Dumps
    70-646 Dumps
    70-673 Dumps
    70-680 Dumps
    70-681 Dumps
    70-682 Dumps
    70-684 Dumps
    70-685 Dumps
    70-686 Dumps
    70-687 Dumps
    70-688 Dumps
    70-689 Dumps
    70-692 Dumps
    70-694 Dumps
    70-695 Dumps
    70-696 Dumps
    70-697 Dumps
    70-698 Dumps
    70-703 Dumps
    70-705 Dumps
    70-713 Dumps
    70-734 Dumps
    70-735 Dumps
    70-740 Dumps
    70-741 Dumps
    70-742 Dumps
    70-743 Dumps
    70-744 Dumps
    70-745 Dumps
    70-761 Dumps
    70-762 Dumps
    70-764 Dumps
    70-765 Dumps
    70-767 Dumps
    70-768 Dumps
    70-773 Dumps
    70-774 Dumps
    70-775 Dumps
    70-776 Dumps
    70-778 Dumps
    70-779 Dumps
    70-980 Dumps
    70-981 Dumps
    70-982 Dumps
    74-343 Dumps
    74-344 Dumps
    74-409 Dumps
    74-678 Dumps
    74-697 Dumps
    77-418 Dumps
    77-419 Dumps
    77-420 Dumps
    77-421 Dumps
    77-422 Dumps
    77-423 Dumps
    77-424 Dumps
    77-425 Dumps
    77-426 Dumps
    77-427 Dumps
    77-428 Dumps
    77-600 Dumps
    77-601 Dumps
    77-602 Dumps
    77-603 Dumps
    77-604 Dumps
    77-605 Dumps
    77-725 Dumps
    77-726 Dumps
    77-727 Dumps
    77-728 Dumps
    77-729 Dumps
    77-730 Dumps
    77-731 Dumps
    77-853 Dumps
    77-881 Dumps
    77-882 Dumps
    77-883 Dumps
    77-884 Dumps
    77-885 Dumps
    77-886 Dumps
    77-887 Dumps
    77-888 Dumps
    77-891 Dumps
    98-349 Dumps
    98-361 Dumps
    98-362 Dumps
    98-363 Dumps
    98-364 Dumps
    98-365 Dumps
    98-366 Dumps
    98-367 Dumps
    98-368 Dumps
    98-369 Dumps
    98-372 Dumps
    98-373 Dumps
    98-374 Dumps
    98-375 Dumps
    98-379 Dumps
    98-380 Dumps
    98-381 Dumps
    98-382 Dumps
    98-383 Dumps
    98-388 Dumps
    AZ-100 Dumps
    AZ-101 Dumps
    AZ-102 Dumps
    INF-203x Dumps
    INF-204x Dumps
    INF-205x Dumps
    INF-206x Dumps
    MB2-700 Dumps
    MB2-701 Dumps
    MB2-702 Dumps
    MB2-703 Dumps
    MB2-704 Dumps
    MB2-706 Dumps
    MB2-707 Dumps
    MB2-708 Dumps
    MB2-709 Dumps
    MB2-710 Dumps
    MB2-711 Dumps
    MB2-712 Dumps
    MB2-713 Dumps
    MB2-714 Dumps
    MB2-715 Dumps
    MB2-716 Dumps
    MB2-717 Dumps
    MB2-718 Dumps
    MB2-719 Dumps
    MB2-877 Dumps
    MB5-705 Dumps
    MB6-700 Dumps
    MB6-701 Dumps
    MB6-702 Dumps
    MB6-703 Dumps
    MB6-704 Dumps
    MB6-705 Dumps
    MB6-884 Dumps
    MB6-885 Dumps
    MB6-886 Dumps
    MB6-889 Dumps
    MB6-890 Dumps
    MB6-892 Dumps
    MB6-893 Dumps
    MB6-894 Dumps
    MB6-895 Dumps
    MB6-896 Dumps
    MB6-897 Dumps
    MB6-898 Dumps