[Free] 2018(June) Ensurepass Microsoft 70-640 Dumps with VCE and PDF 131-140


Windows Server 2008 Active Directory, Configuring

Question No: 131 – (Topic 2)

You are an administrator at ABC.com. The company has an RODC (read-only domain controller) server at a remote location. The remote location doesn't have proper physical security.

You need to activate nonadministrative accounts passwords on that RODC server.

Which of the following actions should be considered to populate the RODC server with non-administrative accounts passwords?

  1. Delete all administrative accounts from the RODC's group

  2. Configure the permission to Deny on Receive for administrative accounts on the security tab for Group Policy Object (GPO)

  3. Configure the administrative accounts to be added in the Domain RODC Password Replication Denied group

  4. Add a new GPO and enable Account Lockout settings. Link it to the remote RODC server and on the security tab on GPO, check the Read Allow and the Apply group policy permissions for the administrators.

  5. None of the above

Answer: C



http://technet.microsoft.com/en-us/library/cc770320(v=ws.10).aspx

Advantages That an RODC Can Provide to an Existing Deployment

Branch office server administration. RODCs provide Administrator Role Separation (ARS), which you can use to delegate administration of an RODC to a nonadministrative user or group. This means that it is not necessary for a highly privileged administrator to log on to the domain controller in the branch office to perform routine server maintenance.

http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx Password Replication Policy

When you initially deploy an RODC, you must configure the Password Replication Policy on the writable domain controller that will be its replication partner.

The Password Replication Policy acts as an access control list (ACL). It determines if an RODC should be permitted to cache a password. After the RODC receives an authenticated user or computer logon request, it refers to the Password Replication Policy to determine if the password for the account should be cached. The same account can then perform subsequent logons more efficiently.

The Password Replication Policy lists the accounts that are permitted to be cached, and accounts that are explicitly denied from being cached. The list of user and computer accounts that are permitted to be cached does not imply that the RODC has necessarily cached the passwords for those accounts. An administrator can, for example, specify in advance any accounts that an RODC will cache. This way, the RODC can authenticate those accounts, even if the WAN link to the hub site is offline.

Password Replication Policy Allowed and Denied lists

Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password Replication Group.

The combination of the Allowed List and Denied List attributes for each RODC and the domain-wide Denied RODC Password Replication Group and Allowed RODC Password Replication Group give administrators great flexibility. They can decide precisely which accounts can be cached on specific RODCs.


Question No: 132 – (Topic 2)

You are decommissioning one of the domain controllers in a child domain.

You need to transfer all domain operations master roles within the child domain to a newly installed domain controller in the same child domain.

Which three domain operations master roles should you transfer? (Each correct answer presents part of the solution. Choose three.)

  1. RID master

  2. PDC emulator

  3. Schema master

  4. Infrastructure master

  5. Domain naming master

Answer: A,B,D Explanation:

http://technet.microsoft.com/en-us/library/cc781578(v=ws.10).aspx Transferring operations master roles

Transferring an operations master role means moving it from one domain controller to another with the cooperation of the original role holder. Depending upon the operations master role to be transferred, you perform the role transfer using one of the three Active Directory consoles in Microsoft Management Console (MMC).


Question No: 133 – (Topic 2)

Your network contains an Active Directory domain. The domain contains a server named Server1. Server1 runs Windows Server 2008 R2.

You need to mount an Active Directory Lightweight Directory Services (AD LDS) snapshot from Server1.

What should you do?

  1. Run ldp.exe and use the Bind option.

  2. Run diskpart.exe and use the Attach option.

  3. Run dsdbutil.exe and use the snapshot option.

  4. Run imagex.exe and specify the /mount parameter.

Answer: C Explanation:

http://technet.microsoft.com/en-us/library/cc753151(v=ws.10).aspx Dsdbutil

Performs database maintenance of the Active Directory Domain Services (AD DS) store, facilitates configuration of Active Directory Lightweight Directory Services (AD LDS) communication ports, and views AD LDS instances that are installed on a computer.

Commands

snapshot: Manages snapshots.

snapshot

Manages snapshots of the volumes that contain the Active Directory database and log files, which you can view on a domain controller without starting in Directory Services Restore Mode (DSRM). You can also run the snapshot subcommand on an Active Directory Lightweight Directory Services (AD LDS) server.

This is a subcommand of Ntdsutil and Dsdbutil. Ntdsutil and Dsdbutil are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2.

Syntax

activate instance %s [create] [delete %s] [unmount %s] [list all] [list mounted] [mount %s] [quit]

mount %s: Mounts a snapshot with GUID %s. You can refer to an index number of any mounted snapshot instead of its GUID.

Question No: 134 – (Topic 2)

Company has servers on the main network that run Windows Server 2008. It also has two domain controllers.

Active Directory services are running on a domain controller named CKDC1.

You have to perform critical updates of Windows Server 2008 on CKDC1 without rebooting the server.

What should you do to perform offline critical updates on CKDC1 without rebooting the server?

  1. Start the Active Directory Domain Services on CKDC1

  2. Disconnect from the network and start the Windows update feature

  3. Stop the Active Directory domain services and install the updates. Start the Active Directory domain services after installing the updates.

  4. Stop Active Directory domain services and install updates. Disconnect from the network and then connect again.

  5. None of the above

Answer: C Explanation:

Personal comment: I don't believe you can avoid restarting the server when installing some (not all) updates

http://class10e.com/Microsoft/what-should-you-do-to-perform-offline-critical-updates-on-ckdc1-withoutrebooting-the-server/

To perform offline critical updates on CKDC1 without rebooting the server, you should stop the Active Directory domain services and install the updates. Start the Active Directory domain services after installing the updates.

By stopping the Active Directory domain services, you don’t need to reboot the server. The updates are related to the Windows Server 2008 on CKDC1 so when you stop the Active Directory domain services and start it again after the installation of the updates, the Server will perform in a normal way.

Question No: 135 – (Topic 2)

Your company asks you to implement Windows Cardspace in the domain. You want to use Windows Cardspace at your home.

Your home and office computers run Windows Vista Ultimate.

What should you do to create a backup copy of Windows Cardspace cards to be used at home?

  1. Log on with your administrator account and copy \Windows\ServiceProfiles folder to your USB drive

  2. Backup \Windows\Globalization folder by using backup status and save the folder on your USB drive

  3. Back up the system state data by using backup status tool on your USB drive

  4. Employ Windows Cardspace application to backup the data on your USB drive.

  5. Reformat the C: Drive

  6. None of the above

Answer: D Explanation:

http://windows.microsoft.com/en-us/windows7/windows-cardspace-for-itpros#BKMK_HowdoIbackupmycardsortransferthemtoanothercomputer

Windows CardSpace for IT pros

Microsoft Windows CardSpace™ is a system for creating relationships with websites and online services.

Windows CardSpace provides a consistent way for:

  • Sites to request information from you.

  • You to review the identity of a site.

  • You to manage your information by using Information Cards.

  • You to review card information before you send it.

Windows CardSpace can replace the user names and passwords that you use to register with and log on to websites and online services.

15. How do I back up my cards or transfer them to another computer?

Cards are stored on your computer in an encrypted format. To save a backup file containing some or all of your cards or to use a card on a different computer, you can save cards to a backup card file.

To back up your cards:

  1. Start Windows CardSpace.

  2. View all your cards.

  3. In the pane on the right of your screen, click Back up cards.

  4. Select the cards that you want to back up.

  5. Browse to the folder where you want to save the backup card file, and then give it a name.

When you complete these steps, you save a file containing some or all of your cards. You can copy the backup card file to media such as a Universal Serial Bus (USB) storage device, CD, or other digital media. You can restore the backup card file on this computer or on another computer.

To restore your cards

  1. Save the backup card file to the computer.

  2. Browse to the location of the file on the computer.

  3. Double-click the file, and then follow the instructions to restore the cards.

Question No: 136 – (Topic 2)

One of the remote branch offices is running a Windows Server 2008 read only domain controller (RODC). For security reasons you don't want some critical credentials like (passwords, encryption keys) to be stored on RODC.

What should you do so that these credentials are not replicated to any RODC's in the forest? (Select 2)

  1. Configure RODC filtered attribute set on the server

  2. Configure RODC filtered set on the server that holds Schema Operations Master role.

  3. Delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain

  4. Configure forest functional level server for Windows server 2008 to configure filtered attribute set.

  5. None of the above

Answer: B,D Explanation:

http://technet.microsoft.com/en-us/library/cc753223.aspx Adding attributes to the RODC filtered attribute set

The RODC filtered attribute set is a dynamic set of attributes that is not replicated to any RODCs in the forest. You can configure the RODC filtered attribute set on a schema master that runs Windows Server 2008. When the attributes are prevented from replicating to RODCs, that data cannot be exposed unnecessarily if an RODC is stolen or compromised.

A malicious user who compromises an RODC can attempt to configure it in such a way that it tries to replicate attributes that are defined in the RODC filtered attribute set. If the RODC tries to replicate those attributes from a domain controller that is running Windows Server 2008, the replication request is denied. However, if the RODC tries to replicate those attributes from a domain controller that is running Windows Server 2003, the replication request could succeed.

Therefore, as a security precaution, ensure that forest functional level is Windows Server 2008 if you plan to configure the RODC filtered attribute set. When the forest functional level is Windows Server 2008, an RODC that is compromised cannot be exploited in this manner because domain controllers that are running Windows Server 2003 are not allowed in the forest.

Question No: 137 – (Topic 2)

Your network contains an Active Directory domain. The domain contains three domain controllers.

One of the domain controllers fails.

Seven days later, the help desk reports that it can no longer create user accounts. You need to ensure that the help desk can create new user accounts.

Which operations master role should you seize?

  1. domain naming master

  2. infrastructure master

  3. primary domain controller (PDC) emulator

  4. RID master

  5. schema master

Answer: D Explanation:

http://technet.microsoft.com/en-us/library/cc773108(v=ws.10).aspx Operations master roles

Active Directory supports multimaster replication of the directory data store between all domain controllers (DC) in the domain, so all domain controllers in a domain are essentially peers. However, some changes are impractical to perform in using multimaster replication, so, for each of these types of changes, one domain controller, called the operations master, accepts requests for such changes.

In every forest, there are at least five operations master roles that are assigned to one or more domain controllers. Forest-wide operations master roles must appear only once in every forest. Domain-wide operations master roles must appear once in every domain in the forest.

RID master

The RID master allocates sequences of relative IDs (RIDs) to each of the various domain controllers in its domain. At any time, there can be only one domain controller acting as the RID master in each domain in the forest.

Whenever a domain controller creates a user, group, or computer object, it assigns the object a unique security ID (SID). The SID consists of a domain SID, which is the same for all SIDs created in the domain, and a RID, which is unique for each SID created in the domain.

To move an object between domains (using Movetree.exe), you must initiate the move on the domain controller acting as the RID master of the domain that currently contains the object.

http://www.techrepublic.com/article/step-by-step-learn-how-to-transfer-and-seize-fsmo-roles-in-activedirectory/ Step-By-Step: Learn how to transfer and seize FSMO roles in Active Directory

http://www.petri.co.il/seizing_fsmo_roles.htm Seizing FSMO Roles

Question No: 138 – (Topic 2)

Your network contains an Active Directory domain.

You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA).

You have a client computer named Computer1 that runs Windows 7.

You enable automatic certificate enrollment for all client computers that run Windows 7.

You need to verify that the Windows 7 client computers can automatically enroll for certificates.

Which command should you run on Computer1?

  1. certreq.exe -retrieve

  2. certreq.exe -submit

  3. certutil.exe -getkey

  4. certutil.exe -pulse

Answer: D Explanation:

http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/795f209d-b056-4de8-8dcf-7c7f80529aab/

What does "certutil -pulse" command do?

Certutil -pulse will initiate autoenrollment requests.

It is equivalent to doing the following in the CertMgr.msc console (in Vista and Windows 7): Right-click Certificates, point to All Tasks, click Automatically Enroll and Retrieve Certificates.

The command does require that

  • any autoenrollment GPO settings have already been applied to the target user or computer

  • a certificate template enables Read, Enroll and Autoenroll permissions for the user or a global or universal group containing the user

  • The group membership is recognized in the user's Token (they have logged on after the membership was added)

http://technet.microsoft.com/library/cc732443.aspx Certutil

Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.

When certutil is run on a certification authority without additional parameters, it displays the current certification authority configuration. When certutil is run on a non-certification authority, the command defaults to running the certutil -dump verb.


The following table describes the verbs that can be used with the certutil command.

pulse: Pulse auto enrollment events

Question No: 139 – (Topic 2)

Active Directory Rights Management Services (AD RMS) is deployed on your network.

Users who have Windows Mobile 6 devices report that they cannot access documents that are protected by AD RMS.

You need to ensure that all users can access AD RMS protected content by using Windows Mobile 6 devices.

What should you do?

  1. Modify the security of the ServerCertification.asmx file.

  2. Modify the security of the MobileDeviceCertification.asmx file.

  3. Enable anonymous authentication for the _wmcs virtual directory.

  4. Enable anonymous authentication for the certification virtual directory.

Answer: B Explanation:

http://technet.microsoft.com/en-us/library/ff608252(v=ws.10).aspx Windows Mobile Considerations for AD RMS

AD RMS and Windows Mobile Requirements

Active Directory Rights Management Services (AD RMS) integrates with Microsoft Windows Mobile® in Windows Mobile 6 and later devices. End users can create and consume protected e-mail messages and can read protected Microsoft Office documents on their Windows Mobile device.

AD RMS client capabilities are embedded in the operating system of Windows Mobile 6 and later devices. There is no AD RMS client available for Windows Mobile 5.0 or earlier; AD RMS can be used only on devices with Windows Mobile 6 and later. There is full interoperability when sharing AD RMS protected content between the different versions and editions of Windows Mobile 6 or later.

By default, the discretionary access control lists (DACLs) of the AD RMS mobile certification pipeline are restricted and must be enabled for Windows Mobile 6 or later devices to obtain certificates and licenses to create and consume AD RMS protected content. You can enable the certification of mobile devices by giving the AD RMS Service Group and the user account objects of the AD RMS-enabled application Read and Read & Execute permissions to the MobileDeviceCertification.asmx file. This file is located under %systemdrive%\Inetpub\wwwroot\_wmcs\Certification by default. You must complete this process on each AD RMS server in the cluster.

Question No: 140 – (Topic 2)

Company has an Active Directory forest with six domains. The company has 5 sites. The company requires a new distributed application that uses a custom application directory partition named ResData for data replication.

The application is installed on one member server in five sites.

You need to configure the five member servers to receive the ResData application directory partition for data replication.

What should you do?

  1. Run the Dcpromo utility on the five member servers.

  2. Run the Regsvr32 command on the five member servers

  3. Run the Webadmin command on the five member servers

  4. Run the RacAgent utility on the five member servers

Answer: A Explanation:


Dcpromo

Syntax

dcpromo [/answer[:<filename>] | /unattend[:<filename>] | /unattend | /adv] /uninstallBinaries [/CreateDCAccount | /UseExistingAccount:Attach] /? /?[:{Promotion | CreateDCAccount | UseExistingAccount | Demotion}]

dcpromo Promotion operation parameters:

Specifies the application directory partitions that dcpromo will replicate. Use the following format: "partition1" "partition2" "partitionN"

Use * to replicate all application directory partitions.
