[Free] 2018(Aug) Dumps4cert Microsoft 70-640 Dumps with VCE and PDF Download 391-400

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 391 – (Topic 4)

Your network contains an Active Directory domain named contoso.com.

Contoso.com contains a domain controller named DC1 and a read-only domain controller (RODC) namedRODC1.

You need to view the most recent user accounts authenticated by RODC1. What should you do first?

  1. From Active Directory Sites and Services, right-click the Connection object for DC1, and then click Replicate Now.

  2. From Active Directory Sites and Services, right-click the Connection object for DC2, and then click Replicate Now.

  3. From Active Directory Users and Computers, right-click contoso.com, click Change DomainController, and then connect to DC1.

  4. From Active Directory Users and Computers, right-click contoso.com, click Change Domain Controller, and then connect to RODC1.

    Answer: C


    http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password- replication-policy.aspx#BKMK_Auth2

    To view authenticated accounts using Active Directory Users and Computers

    1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start.

      In Start Search, type dsa.msc, and then press ENTER.

    2. Ensure that you are connected to a writeable domain controller running Windows Server 2008 in the correct domain. To connect to the appropriate domain or domain controller, in the details pane, right-click the Active Directory Users and Computers object, and then click Change Domain or Change Domain Controller, respectively.

    3. Click Domain Controllers.

    4. In the details pane, right-click the RODC computer account, and then click Properties.

    5. Click the Password Replication Policy tab.

    6. Click Advanced.

    7. In the drop-down list, click Accounts that have been authenticated to this Read-only Domain Controller, as shown in the following illustration.

      Question No: 392 – (Topic 4)

      A network contains an Active Directory forest. The forest contains three domains and two sites.

      You remove the global catalog from a domain controller named DC2. DC2 is located in


      You need to reduce the size of the Active Directory database on DC2. The solution must minimize the impact on all users in Site1.

      What should you do first?

      1. On DC2, start the Protected Storage service.

      2. On DC2, stop the Active Directory Domain Services service.

      3. Start DC2 in Safe Mode.

      4. Start DC2 in Directory Services Restore Mode.

Answer: B



Returning Unused Disk Space from the Active Directory Database to the File System

During ordinary operation, the free disk space in the Active Directory database file becomes fragmented. Each time garbage collection runs (every 12 hours, by default), free disk space is automatically defragmented online to optimize its use within the database file. The unused disk space is maintained for the database; it is not returned to the file system.

Only offline defragmentation can return unused disk space from the directory database to the file system.

When database contents have decreased considerably through a bulk deletion (for example, when you remove the global catalog from a domain controller), or if the size of the database backup is significantly increased as a result of the amount of free disk space, use offline defragmentation to reduce the size of the Ntds.dit file.

On domain controllers that are running Windows Server 2008, offline defragmentation does not require restarting the domain controller in Directory Services Restore Mode (DSRM), as is required on domain controllers that are running versions of Windows Server 2000 and Windows Server 2003. You can use a new feature in Windows Server 2008, restartable Active Directory Domain Services (AD DS), to stop the AD DS service. When the service is stopped, services that depend on AD DS shut down automatically. However, any other services that are running on the domain controller, such as Dynamic Host Configuration Protocol (DHCP), continue to run and respond to clients.

Question No: 393 – (Topic 4)

Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2008 R2 Enterprise. All client computers run Windows 7 Professional.

The network contains an enterprise certification authority (CA). You need to approve a pending certificate request.

Which snap-in should you use?

  1. Active Directory Administrative Center

  2. Authorization Manager

  3. Certificate Templates

  4. Certificates

  5. Certification Authority

  6. Enterprise PKI

  7. Group Policy Management

  8. Security Configuration Wizard

  9. Share and Storage Management

Answer: E Explanation:

Reference 1:

http://technet.microsoft.com/de-de/library/ff849263.aspx To issue a pending certificate request:

  1. Log on to your root CA by using an account that is a certificate manager.

  2. Start the Certification Authority snap-in.

  3. In the console tree, expand your root CA, and click Pending Certificates.

  4. In the details pane, right-click the pending CA certificate, and click Issue.

    Question No: 394 – (Topic 4)

    Your network contains a server named Server1. Server1 runs Windows Server 2008 R2 and has the Active Directory Lightweight Directory Services (AD LDS) role installed.

    Server1 hosts two AD LDS instances named Instance1 and Instance2. You need to remove Instance2 from Server1 without affecting Instance1.

    Which tool should you use?

    1. NTDSUtil

    2. Dsdbutil

    3. Programs and Features in the Control Panel

    4. Server Manager

      Answer: C Explanation:

      Reference 1:


      Administering AD LDS Instances

      Each AD LDS instance runs as an independent-and separately administered-service on a computer.

      Reference 2:


      To remove an AD LDS instance

      1. To open Programs and Features, click Start, click Settings, click Control Panel, and then double-click

        Programs and Features.

      2. Locate and click the AD LDS instance that you want to remove.

      3. Click Uninstall. Note

        It is not necessary to restart the computer after you remove an AD LDS instance.

        Question No: 395 – (Topic 4)

        Your network contains an Active Directory domain. The domain is configured as shown in the exhibit. (Click the Exhibit button.)

        Dumps4Cert 2018 PDF and VCE

        Each organizational unit (OU) contains over 500 user accounts.

        The Finance OU and the Human Resources OU contain several user accounts that are members of a universal group named Group1.

        You have a Group Policy object (GPO) linked to the domain.

        You need to prevent the GPO from being applied to the members of Group1 only. What should you do?

        1. Modify the Group Policy permissions.

        2. Enable block inheritance.

        3. Configure the link order.

        4. Enable loopback processing in merge mode.

        5. Enable loopback processing in replace mode.

        6. Configure WMI filtering.

        7. Configure Restricted Groups.

        8. Configure Group Policy Preferences.

        9. Link the GPO to the Finance OU.

        10. Link the GPO to the Human Resources OU.

          Answer: A Explanation:

          quot;GPOs are linked to OUs, not groups. Block inhertance blocks all inherited GPOs from

          being applied to the OU. The security filter will only help you specify groups. So you have two choices. You could remove authenticated users in the secuirty filter and add groups containing everyone except group1 members(messy solution) or you could leave authenticated users there, and specify group1 with deny apply gpo permission for the gpo(since deny will alwys win over allow).quot;

          The reference below explains a situation where the GPO only needs to be applied to one group, it#39;s the other way around so to speak.


          MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) page 285, 286 Using Security Filtering to Modify GPO Scope

          By now, you’ve learned that you can link a GPO to a site, domain, or OU. However, you might need to apply GPOs only to certain groups of users or computers rather than to all users or computers within the scope of the GPO. Although you cannot directly link a GPO to a security group, there is a way to apply GPOs to specific security groups. The policies in a GPO apply only to users who have Allow Read and Allow Apply Group Policy permissions to the GPO.

          Each GPO has an access control list (ACL) that defines permissions to the GPO. Two permissions, Allow Read and Allow Apply Group Policy, are required for a GPO to apply to a user or computer. If a GPO is scoped to a computer (for example, by its link to the computer’s OU), but the computer does not have Read and Apply Group Policy permissions, it will not download and apply the GPO. Therefore, by setting the appropriate permissions for security groups, you can filter a GPO so that its settings apply only to the computers and users you specify.

          Filtering a GPO to Apply to Specific Groups

          To apply a GPO to a specific security group, perform the following steps:

      4. Select the GPO in the Group Policy Objects container in the console tree.

      5. In the Security Filtering section, select the Authenticated Users group and click Remove.

      6. Click OK to confirm the change.

      7. Click Add.

      8. Select the group to which you want the policy to apply and click OK.

        Question No: 396 – (Topic 4)

        Your network contains an Active Directory domain named contoso.com. The functional level of the forest is Windows Server 2008 R2.

        The Default Domain Controller Policy Group Policy object (GPO) contains audit policy settings.

        On a domain controller named DC1, an administrator configures the Advanced Audit Policy Configuration settings by using a local GPO.

        You need to identify what will be audited on DC1. Which tool should you use?

        1. Get-ADObject

        2. Secedit

        3. Security Configuration and Analysis

        4. Auditpol

Answer: D Explanation:

Reference 1:

http://technet.microsoft.com/en-us/library/cc772576.aspx Auditpol get

Retrieves the system policy, per-user policy, auditing options, and audit security descriptor object.

Reference 2:

Windows Server 2008 R2 Unleashed (SAMS, 2010) page 670

You can use the AUDITPOL command to get and set the audit categories and subcategories. To retrieve a list of all the settings for the audit categories and subcategories, use the following command:

auditpol /get /category:*

Question No: 397 – (Topic 4)

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.

You need to compact the Active Directory database. What should you do?

  1. Run the Get-ADForest cmdlet.

  2. Configure subscriptions from Event Viewer.

  3. Run the eventcreate.exe command.

  4. Configure the Active Directory Diagnostics Data Collector Set (OCS).

  5. Create a Data Collector Set (DCS).

  6. Run the repadmin.exe command.

  7. Run the ntdsutil.exe command.

  8. Run the dsquery.exe command.

  9. Run the dsamain.exe command.

  10. Create custom views from Event Viewer.

    Answer: G Explanation:

    Reference 1:

    http://technet.microsoft.com/en-us/library/cc794920.aspx Compact the Directory Database File (Offline Defragmentation)

    You can use this procedure to compact the Active Directory database offline. Offline defragmentation returns free disk space in the Active Directory database to the file system. As part of the offline defragmentation procedure, check directory database integrity.

    Performing offline defragmentation creates a new, compacted version of the database file in a different location.

    Reference 2:

    Mastering Windows Server 2008 R2 (Sybex, 2010) page 805 Performing Offline Defragmentation of Ntds.dit

    These steps assume that you will be compacting the Ntds.dit file to a local folder. If you plan to defragment and compact the database to a remote shared folder, map a drive letter to that shared folder before you begin these steps, and use that drive letter in the path where appropriate.

    1. Open an elevated command prompt. Click Start, and then right-click Command Prompt. Click Run as Administrator.

    2. Type ntdsutil, and then press Enter.

    3. Type Activate instance NTDS, and press Enter.

    4. At the resulting ntdsutil prompt, type Files (case sensitive), and then press Enter.

    5. At the file maintenance prompt, type compact to followed by the path to the destination folder for the defragmentation, and then press Enter.

      Question No: 398 – (Topic 4)

      Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.

      You need to collect all of the Directory Services events from all of the domain controllers and store the events in a single central computer.

      What should you do?

      1. Run the ntdsutil.exe command.

      2. Run the repodmin.exe command.

      3. Run the Get-ADForest cmdlet.

      4. Run the dsamain.exe command.

      5. Create custom views from Event Viewer.

      6. Run the dsquery.exe command.

      7. Configure the Active Directory Diagnostics Data Collector Set (DCS),

      8. Configure subscriptions from Event Viewer.

      9. Run the eventcreate.exe command.

      10. Create a Data Collector Set (DCS).

Answer: H



Event Subscriptions

Event Viewer enables you to view events on a single remote computer. However, troubleshooting an issue might require you to examine a set of events stored in multiple logs on multiple computers.

Windows Vista includes the ability to collect copies of events from multiple remote computers and store them locally. To specify which events to collect, you create an event subscription. Among other details, the subscription specifies exactly which events will be

collected and in which log they will be stored locally. Once a subscription is active and events are being collected, you can view and manipulate these forwarded events as you would any other locally stored events.

Using the event collecting feature requires that you configure both the forwarding and the collecting computers.

The functionality depends on the Windows Remote Management (WinRM) service and the Windows Event Collector (Wecsvc) service. Both of these services must be running on computers participating in the forwarding and collecting process. To learn about the steps required to configure event collecting and forwarding computers, see Configure Computers to Forward and Collect Events (http://technet.microsoft.com/en-us/library/cc748890.aspx).

Question No: 399 – (Topic 4)

A corporate network includes a single Active Directory Domain Services (AD DS) domain. The domain contains 10 domain controllers. The domain controllers run Windows Server 2008 R2 and are configured as DNS servers.

You plan to create an Active Directory-integrated zone.

You need to ensure that the new zone is replicated to only four of the domain controllers. What should you do first?

  1. Use the ntdsutil tool to modify the DS behavior for the domain.

  2. Use the ntdsutil tool to add a naming context.

  3. Create a new delegation in the ForestDnsZones application directory partition.

  4. Use the dnscmd tool with the /zoneadd parameter.

    Answer: B Explanation:

    Dumps4Cert 2018 PDF and VCE

    Reference 1:


    Store Data in an AD DS Application Partition

    You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). An application directory partition is a data structure in AD DS that distinguishes data for different replication purposes. When you store a DNS zone in an application directory partition, you can control the zone replication scope by controlling the replication scope of the application directory partition.

    Reference 2:

    http://technet.microsoft.com/en-us/library/cc730970.aspx Partition management

    Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).

    This is a subcommand of Ntdsutil and Dsmgmt. Examples

    To create an application directory partition named AppPartition in the contoso.com domain, complete the following steps:

    1. To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, rightclick

      Command Prompt, and then click Run as administrator.

    2. Type: ntdsutil

    3. Type: Ac in ntds

    4. Type: partition management

    5. Type: connections

    6. Type: Connect to server DC_Name

    7. Type: quit

    8. Type: list

      The following partitions will be listed:

      0 CN=Configuration,DC=Contoso,DC=com

      1. DC=Contoso,DC=com

      2. CN=Schema,CN=Configuration,DC=Contoso,DC=com

      3. DC=DomainDnsZones,DC=Contoso,DC=com

      4. DC=ForestDnsZones,DC=Contoso,DC=com

    9. At the partition management prompt, type: create nc dc=AppPartition,dc=contoso,dc=com ConDc1.contoso.com

    10. Run the list command again to refresh the list of partitions.

Question No: 400 – (Topic 4)

Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and child.contoso.com. All domain controllers run Windows Server 2008. All forest-wide operations master roles are in child.contoso.com.

An administrator successfully runs adprep.exe /forestprep from the Windows Server 2008 R2 Service Pack 1 (SP1) installation media.

You plan to run adprep.exe /domainprep in each domain.

You need to ensure that you have the required user rights to run the command successfully in each domain.

Of which groups should you be a member? (Each correct answer presents part of the solution.

Choose two.)

  1. Administrators in child.contoso.com

  2. Enterprise Admins in contoso.com

  3. Domain Admins in child.contoso.com

  4. Domain Admins in contoso.com

  5. Administrators in contoso.com

  6. Schema Admins in contoso.com

Answer: C,D



Adprep /domainprep

Prepares a domain for the introduction of a domain controller that runs Windows Server 2008. You run this command after the forestprep command finishes and after the changes replicate to all the domain controllers in the forest.

Run this command in each domain where you plan to add a domain controller that runs Windows Server 2008.

You must run this command on the domain controller that holds the infrastructure operations master role for the domain. You must be a member of the Domain Admins group to run this command.

100% Dumps4cert Free Download!
70-640 PDF
100% Dumps4cert Pass Guaranteed!
70-640 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

  • Categories

  • Tags

  • Hot Exams

  • Hot Exams

  • Hot Catageories

  • microsoft dumps

    62-193 Dumps
    70-243 Dumps
    70-246 Dumps
    70-247 Dumps
    70-331 Dumps
    70-332 Dumps
    70-333 Dumps
    70-334 Dumps
    70-339 Dumps
    70-341 Dumps
    70-342 Dumps
    70-345 Dumps
    70-346 Dumps
    70-347 Dumps
    70-348 Dumps
    70-354 Dumps
    70-355 Dumps
    70-357 Dumps
    70-383 Dumps
    70-384 Dumps
    70-385 Dumps
    70-398 Dumps
    70-410 Dumps
    70-411 Dumps
    70-412 Dumps
    70-413 Dumps
    70-414 Dumps
    70-417 Dumps
    70-461 Dumps
    70-462 Dumps
    70-463 Dumps
    70-464 Dumps
    70-465 Dumps
    70-466 Dumps
    70-467 Dumps
    70-469 Dumps
    70-470 Dumps
    70-473 Dumps
    70-475 Dumps
    70-480 Dumps
    70-481 Dumps
    70-482 Dumps
    70-483 Dumps
    70-484 Dumps
    70-485 Dumps
    70-486 Dumps
    70-487 Dumps
    70-488 Dumps
    70-489 Dumps
    70-490 Dumps
    70-491 Dumps
    70-492 Dumps
    70-494 Dumps
    70-496 Dumps
    70-497 Dumps
    70-498 Dumps
    70-499 Dumps
    70-517 Dumps
    70-532 Dumps
    70-533 Dumps
    70-534 Dumps
    70-535 Dumps
    70-537 Dumps
    70-640 Dumps
    70-642 Dumps
    70-646 Dumps
    70-673 Dumps
    70-680 Dumps
    70-681 Dumps
    70-682 Dumps
    70-684 Dumps
    70-685 Dumps
    70-686 Dumps
    70-687 Dumps
    70-688 Dumps
    70-689 Dumps
    70-692 Dumps
    70-694 Dumps
    70-695 Dumps
    70-696 Dumps
    70-697 Dumps
    70-698 Dumps
    70-703 Dumps
    70-705 Dumps
    70-713 Dumps
    70-734 Dumps
    70-735 Dumps
    70-740 Dumps
    70-741 Dumps
    70-742 Dumps
    70-743 Dumps
    70-744 Dumps
    70-745 Dumps
    70-761 Dumps
    70-762 Dumps
    70-764 Dumps
    70-765 Dumps
    70-767 Dumps
    70-768 Dumps
    70-773 Dumps
    70-774 Dumps
    70-775 Dumps
    70-776 Dumps
    70-778 Dumps
    70-779 Dumps
    70-980 Dumps
    70-981 Dumps
    70-982 Dumps
    74-343 Dumps
    74-344 Dumps
    74-409 Dumps
    74-678 Dumps
    74-697 Dumps
    77-418 Dumps
    77-419 Dumps
    77-420 Dumps
    77-421 Dumps
    77-422 Dumps
    77-423 Dumps
    77-424 Dumps
    77-425 Dumps
    77-426 Dumps
    77-427 Dumps
    77-428 Dumps
    77-600 Dumps
    77-601 Dumps
    77-602 Dumps
    77-603 Dumps
    77-604 Dumps
    77-605 Dumps
    77-725 Dumps
    77-726 Dumps
    77-727 Dumps
    77-728 Dumps
    77-729 Dumps
    77-730 Dumps
    77-731 Dumps
    77-853 Dumps
    77-881 Dumps
    77-882 Dumps
    77-883 Dumps
    77-884 Dumps
    77-885 Dumps
    77-886 Dumps
    77-887 Dumps
    77-888 Dumps
    77-891 Dumps
    98-349 Dumps
    98-361 Dumps
    98-362 Dumps
    98-363 Dumps
    98-364 Dumps
    98-365 Dumps
    98-366 Dumps
    98-367 Dumps
    98-368 Dumps
    98-369 Dumps
    98-372 Dumps
    98-373 Dumps
    98-374 Dumps
    98-375 Dumps
    98-379 Dumps
    98-380 Dumps
    98-381 Dumps
    98-382 Dumps
    98-383 Dumps
    98-388 Dumps
    AZ-100 Dumps
    AZ-101 Dumps
    AZ-102 Dumps
    INF-203x Dumps
    INF-204x Dumps
    INF-205x Dumps
    INF-206x Dumps
    MB2-700 Dumps
    MB2-701 Dumps
    MB2-702 Dumps
    MB2-703 Dumps
    MB2-704 Dumps
    MB2-706 Dumps
    MB2-707 Dumps
    MB2-708 Dumps
    MB2-709 Dumps
    MB2-710 Dumps
    MB2-711 Dumps
    MB2-712 Dumps
    MB2-713 Dumps
    MB2-714 Dumps
    MB2-715 Dumps
    MB2-716 Dumps
    MB2-717 Dumps
    MB2-718 Dumps
    MB2-719 Dumps
    MB2-877 Dumps
    MB5-705 Dumps
    MB6-700 Dumps
    MB6-701 Dumps
    MB6-702 Dumps
    MB6-703 Dumps
    MB6-704 Dumps
    MB6-705 Dumps
    MB6-884 Dumps
    MB6-885 Dumps
    MB6-886 Dumps
    MB6-889 Dumps
    MB6-890 Dumps
    MB6-892 Dumps
    MB6-893 Dumps
    MB6-894 Dumps
    MB6-895 Dumps
    MB6-896 Dumps
    MB6-897 Dumps
    MB6-898 Dumps