[Free] 2018(June) Ensurepass Microsoft 70-640 Dumps with VCE and PDF 371-380

Ensurepass.com : Ensure you pass the IT Exams
2018 May Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 371 – (Topic 4)

A corporate environment includes a Windows Server 2008 R2 Active Directory Domain Services (AD DS) domain.

You need to enable Universal Group Membership Caching on several domain controllers in the domain.

Which tool should you use?

  1. Dsmod

  2. Dscmd

  3. Ntdsutil

  4. Active Directory Sites and Services console

    Answer: D



    Enable Universal Group Membership Caching in a Site

    In a branch site that has no global catalog server and in a forest that has multiple domains, you can use this procedure to enable Universal Group Membership Caching on a domain controller in the site so that a global catalog server does not have to be contacted across a wide area network (WAN) link for every initial user logon.

    To enable Universal Group Membership Caching in a site

    1. Open Active Directory Sites and Services.

    2. In the console tree, expand Sites, and then click the site in which you want to enable Universal Group Membership Caching.

    3. In the details pane, right-click the NTDS Site Settings object, and then click Properties.

    4. Under Universal Group Membership Caching, select Enable Universal Group Membership Caching.

    5. In the Refresh cache from list, click the site that you want the domain controller to contact when the

      Universal Group membership cache must be updated, and then click OK.

      Question No: 372 – (Topic 4)

      Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1. DC1 has an IP address of

      You need to identify the zone that contains the Pointer (PTR) record for DC1. Which zone should you identify?

      1. adatum.com

      2. _msdcs.adatum.com

        C. 100.168.192.in-addr.arpa

        D. 200.168.192.in-addr.arpa

        Answer: D Explanation:

        Reference 1:

        MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) page 57

        Reverse lookup: This occurs when a client computer knows the IP address of another computer and requires its hostname, which can be found in the DNS server’s PTR (pointer) resource record.

        Reference 2:

        MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) page 45/730

        You are configuring a reverse lookup zone for your network, which uses the Class C network address range of Which of the following addresses should you use for the reverse lookup zone?

        1. 5.168.192.in-addr.arpa b.

  1. 192.168.5.in-addr.arpa d.

    The reverse lookup zone contains octets of the network portion of the IP address in reverse sequence and uses a special domain name ending in in-addr.arpa. Thus the correct address is 5.168.192.in-addr.arpa. You do not use the host portion of the IP address, so is incorrect. The octets must be specified in reverse sequence, so the other two choices are both incorrect.

    Question No: 373 – (Topic 4)

    Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. The forest contains a single domain.

    You need to ensure that objects can be restored from the Active Directory Recycle Bin. Which tool should you use?

    1. Ntdsutil

    2. Set-ADDomain

    3. Dsamain

    4. Enable-ADOptionalFeature

Answer: D Explanation:

Similar question to question E/Q28 Reference:


Enabling Active Directory Recycle Bin

After the forest functional level of your environment is set to Windows Server 2008 R2, you can enable Active Directory Recycle Bin by using the following methods:

Enable-ADOptionalFeature Active Directory module cmdlet (This is the recommended method.)


Question No: 374 – (Topic 4)

Your network contains a single Active Directory domain. The domain contains an enterprise certification authority (CA).

You need to ensure that the encryption keys for e-mail certificates can be recovered from

the CA database.

You modify the e-mail certificate template to support key archival. What should you do next?

  1. Issue the key recovery agent certificate template.

  2. Run certutil.exe -recoverkey.

  3. Run certreq.exe-policy.

  4. Modify the location of the Authority Information Access (AIA) distribution point.

Answer: A


http://technet.microsoft.com/en-us/library/cc770588.aspx Identify a Key Recovery Agent

A key recovery agent is a person who is authorized to recover a certificate on behalf of an end user. Because the role of key recovery agents can involve sensitive data, only highly trusted individuals should be assigned to this role.

To identify a key recovery agent, you must configure the Key Recovery Agent certificate template to allow the person assigned to this role to enroll for a key recovery agent certificate.

Question No: 375 – (Topic 4)

Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2 Enterprise.

You need to ensure that users can enroll for certificates that use the IPSEC (Offline request) certificate template

Which snap-in should you use?

  1. Enterprise PKI

  2. TPM Management

  3. Certificates

  4. Active Directory Users and Computers

  5. Authorization Manager

  6. Certification Authority

  7. Group Policy Management

  8. Security Templates

  9. Certificate Templates

Answer: I


http://social.technet.microsoft.com/Forums/en/winserversecurity/thread/962be5d1-d824- 4dd8-a501-3c3a9d600083

The user should have proper permission on Certificate Templates. Please follow the steps below for troubleshooting:

  1. Open MMC, add Certificate Templates snap-in.

  2. Double-click IPSec (Offline Request), switch to Security tab, give the user Read and Enroll rights.

  3. Close and restart IE on clients computer to test.

    Question No: 376 – (Topic 4)

    You install an Active Directory domain in a test environment.

    You need to reset the passwords of all the user accounts in the domain from a domain controller.

    Which two Windows PowerShell commands should you run? (Each correct answer presents part of the solution, choose two.)

    1. $ newPassword = *

    2. Import-Module ActiveDirectory

    3. Import-Module WebAdministration

    4. Get- AdUser -filter * | Set- ADAccountPossword – NewPassword $ newPassword – Reset

    5. Set- ADAccountPossword – NewPassword – Reset

    6. $ newPassword = (Read-Host – Prompt quot;New Passwordquot; – AsSecureString )

    7. Import-Module ServerManager

Answer: D,F Explanation:

First we create a variable, $newPassword, and prompt the user for the password to assign it to the variable.

Next we use Get-ADUser -filter * to collect all user accounts and pipe it through to SetADAccountPassword to assign the $newPassword variable to every account#39;s new password.

Note that Set- ADAccountPossword must be a typo. Reference 1:


Prompting a User to Enter Information

The Read-Host cmdlet enables you to interactively prompt a user for information. For example, this command prompts the user to enter his or her name, then stores that name in the variable $Name (to answer the prompt, type a name and then press ENTER):

$Name = Read-Host quot;Please enter your namequot; Reference 2:

http://technet.microsoft.com/en-us/library/ee617241.aspx Get-ADUser Gets one or more Active Directory users.

Reference 3:


Set-ADAccountPassword Modifies the password of an Active Directory account. Parameters


Specifies a new password value. Reset

Specifies to reset the password on an account. When you use this parameter, you must set the NewPassword parameter. You do not need to specify the OldPassword parameter.

Question No: 377 – (Topic 4)

A corporate network includes an Active Directory-integrated zone. All DNS servers that

host the zone are domain controllers.

You add multiple DNS records to the zone.

You need to ensure that the new records are available on all DNS servers as soon as possible.

Which tool should you use?

  1. Ldp

  2. Repadmin

  3. Ntdsutil

  4. Nslookup

  5. Active Directory Sites And Services console

  6. Active Directory Domains And Trusts console

  7. Dnslint

  8. Dnscmd

Answer: B Explanation:

To make sure that the new DNS records are replicated to all DNS servers we can use the repadmin tool.


http://technet.microsoft.com/en-us/library/cc811569.aspx Forcing Replication

Sometimes it becomes necessary to forcefully replicate objects and entire partitions between domain controllers that may or may not have replication agreements.

Force a replication event with all partners

The repadmin /syncall command synchronizes a specified domain controller with all replication partners.


repadmin /syncall lt;DCgt; [lt;NamingContextgt;] [lt;Flagsgt;] Parameters


Specifies the host name of the domain controller to synchronize with all replication



Specifies the distinguished name of the directory partition.


Performs specific actions during the replication.

Question No: 378 – (Topic 4)

You create a standard primary zone for contoso.com.

You need to specify a user named Admin1 as the person responsible for managing the zone.

What should you do? (Each correct answer presents a complete solution. Choose two.)

  1. Open the %Systemroot\System32\DNS\Contoso.com.dns file by using Notepad and change all instances of quot;hostmaster.contoso.comquot; to quot;admin1.contoso.comquot;.

  2. From DNS Manager, open the properties of the Start of Authority (SOA) record ofcontoso.com, Specify admin1.contoso.com as the responsible person.

  3. Open the %Systemroot\System32\DNS\Contoso.com.dns file by using Notepad and change all instances of quot;hostmaster@contoso.comquot; to quot;admin1@contoso.comquot;.

  4. From DNS Manager, open the properties of the Start of Authority (SOA) record ofcontoso.com.Specify admin1@contoso.com as the responsible person.

    Answer: A,B Explanation:

    Reference 1:


    To modify the start of authority (SOA) resource record for a zone using the Windows interface

    1. Open DNS Manager.

    2. In the console tree, right-click the applicable zone, and then click Properties.

    3. Click the Start of Authority (SOA) tab.

    4. As needed, modify properties for the start of authority (SOA) resource record.

    5. Click OK to save the modified properties.

      Reference 2:

      http://technet.microsoft.com/en-us/library/dd197495.aspx The SOA resource record contains the following information: SOA resource record fields

      Responsible person The e-mail address of the person responsible for administering the zone. A period (.) is used instead of an at sign (@) in this e-mail name.


      Question No: 379 – (Topic 4)

      A corporate network includes a single Active Directory Domain Services (AD DS) domain and two AD DS sites.

      The AD DS sites are named Toronto and Montreal. Each site has multiple domain controllers.

      You need to determine which domain controller holds the Inter-Site Topology Generator role for the Toronto site.

      What should you do?

      1. Use the Active Directory Sites and Services console to view the NTDS Site Settings for the Toronto site.

      2. Use the Ntdsutil tool with the roles parameter.

      3. Use the Ntdsutil tool with the LDAP policies parameter.

      4. Use the Active Directory Sites and Services console to view the properties of each domain controller in the Toronto site.

        Answer: A


        http://technet.microsoft.com/en-us/library/cc794776.aspx Determine the ISTG Role Owner for a Site

        The Intersite Topology Generator (ISTG) is the domain controller in each site that is responsible for generating the intersite topology. If you want to regenerate the intersite topology, you must determine the identity of the ISTG role owner in a site. You can use this procedure to view the NTDS Site Settings object properties and determine the ISTG role owner for the site.

        To determine the ISTG role owner for a site

        1. Open Active Directory Sites and Services.

        2. In the console tree, click the site object whose ISTG role owner you want to determine.

        3. In the details pane, right-click the NTDS Site Settings object, and then click Properties. The current role owner appears in the Server box under Inter-Site Topology Generator.

          Question No: 380 – (Topic 4)

          Your network contains an Active Directory forest. The forest contains three domains. All domain controllers have the DNS Server server role installed.

          The forest contains three sites named Site1, Site2, and Site3. Each site contains the users, client computers, and domain controllers of each domain. Site1 contains the first domain controller deployed to the forest.

          The sites connect to each other by using unreliable WAN links.

          The users in Site2 and Site3 report that is takes a long time to log on to their client computer when they use their user principal name (UPN). The users in Site1 do not experience the same issue.

          You need to reduce the amount of time it takes for the Site2 users and the Site3 users to log on to their client computer by using their UPN.

          What should you do?

          1. Configure a global catalog server in Site2 and a global catalog server in Site3.

          2. Reduce the replication interval of the site links.

          3. Move a primary domain controller (PDC) emulator to Site2 and to Site3.

          4. Add additional domain controllers to Site2 and to Site3.

          5. Reduce the cost of the site links.

          6. Enable universal group membership caching in Site2 and in Site3.

            Answer: A


            http://technet.microsoft.com/en-us/library/cc728188.aspx Common Global Catalog Scenarios

            The following events require a global catalog server:

            (…) User logon. In a forest that has more than one domain, two conditions require the global catalog during user authentication:

            1. When a user principal name (UPN) is used at logon and the forest has more than one domain, a global catalog server is required to resolve the name.

              2. (…)

              100% Ensurepass Free Download!
              Download Free Demo:70-640 Demo PDF
              100% Ensurepass Free Guaranteed!
              Download 2018 EnsurePass 70-640 Full Exam PDF and VCE

              EnsurePass ExamCollection Testking
              Lowest Price Guarantee Yes No No
              Up-to-Dated Yes No No
              Real Questions Yes No No
              Explanation Yes No No
              PDF VCE Yes No No
              Free VCE Simulator Yes No No
              Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

  • Categories

  • Tags

  • Hot Exams

  • Hot Exams

  • Hot Catageories

  • microsoft dumps

    62-193 Dumps
    70-243 Dumps
    70-246 Dumps
    70-247 Dumps
    70-331 Dumps
    70-332 Dumps
    70-333 Dumps
    70-334 Dumps
    70-339 Dumps
    70-341 Dumps
    70-342 Dumps
    70-345 Dumps
    70-346 Dumps
    70-347 Dumps
    70-348 Dumps
    70-354 Dumps
    70-355 Dumps
    70-357 Dumps
    70-383 Dumps
    70-384 Dumps
    70-385 Dumps
    70-398 Dumps
    70-410 Dumps
    70-411 Dumps
    70-412 Dumps
    70-413 Dumps
    70-414 Dumps
    70-417 Dumps
    70-461 Dumps
    70-462 Dumps
    70-463 Dumps
    70-464 Dumps
    70-465 Dumps
    70-466 Dumps
    70-467 Dumps
    70-469 Dumps
    70-470 Dumps
    70-473 Dumps
    70-475 Dumps
    70-480 Dumps
    70-481 Dumps
    70-482 Dumps
    70-483 Dumps
    70-484 Dumps
    70-485 Dumps
    70-486 Dumps
    70-487 Dumps
    70-488 Dumps
    70-489 Dumps
    70-490 Dumps
    70-491 Dumps
    70-492 Dumps
    70-494 Dumps
    70-496 Dumps
    70-497 Dumps
    70-498 Dumps
    70-499 Dumps
    70-517 Dumps
    70-532 Dumps
    70-533 Dumps
    70-534 Dumps
    70-535 Dumps
    70-537 Dumps
    70-640 Dumps
    70-642 Dumps
    70-646 Dumps
    70-673 Dumps
    70-680 Dumps
    70-681 Dumps
    70-682 Dumps
    70-684 Dumps
    70-685 Dumps
    70-686 Dumps
    70-687 Dumps
    70-688 Dumps
    70-689 Dumps
    70-692 Dumps
    70-694 Dumps
    70-695 Dumps
    70-696 Dumps
    70-697 Dumps
    70-698 Dumps
    70-703 Dumps
    70-705 Dumps
    70-713 Dumps
    70-734 Dumps
    70-735 Dumps
    70-740 Dumps
    70-741 Dumps
    70-742 Dumps
    70-743 Dumps
    70-744 Dumps
    70-745 Dumps
    70-761 Dumps
    70-762 Dumps
    70-764 Dumps
    70-765 Dumps
    70-767 Dumps
    70-768 Dumps
    70-773 Dumps
    70-774 Dumps
    70-775 Dumps
    70-776 Dumps
    70-778 Dumps
    70-779 Dumps
    70-980 Dumps
    70-981 Dumps
    70-982 Dumps
    74-343 Dumps
    74-344 Dumps
    74-409 Dumps
    74-678 Dumps
    74-697 Dumps
    77-418 Dumps
    77-419 Dumps
    77-420 Dumps
    77-421 Dumps
    77-422 Dumps
    77-423 Dumps
    77-424 Dumps
    77-425 Dumps
    77-426 Dumps
    77-427 Dumps
    77-428 Dumps
    77-600 Dumps
    77-601 Dumps
    77-602 Dumps
    77-603 Dumps
    77-604 Dumps
    77-605 Dumps
    77-725 Dumps
    77-726 Dumps
    77-727 Dumps
    77-728 Dumps
    77-729 Dumps
    77-730 Dumps
    77-731 Dumps
    77-853 Dumps
    77-881 Dumps
    77-882 Dumps
    77-883 Dumps
    77-884 Dumps
    77-885 Dumps
    77-886 Dumps
    77-887 Dumps
    77-888 Dumps
    77-891 Dumps
    98-349 Dumps
    98-361 Dumps
    98-362 Dumps
    98-363 Dumps
    98-364 Dumps
    98-365 Dumps
    98-366 Dumps
    98-367 Dumps
    98-368 Dumps
    98-369 Dumps
    98-372 Dumps
    98-373 Dumps
    98-374 Dumps
    98-375 Dumps
    98-379 Dumps
    98-380 Dumps
    98-381 Dumps
    98-382 Dumps
    98-383 Dumps
    98-388 Dumps
    AZ-100 Dumps
    AZ-101 Dumps
    AZ-102 Dumps
    INF-203x Dumps
    INF-204x Dumps
    INF-205x Dumps
    INF-206x Dumps
    MB2-700 Dumps
    MB2-701 Dumps
    MB2-702 Dumps
    MB2-703 Dumps
    MB2-704 Dumps
    MB2-706 Dumps
    MB2-707 Dumps
    MB2-708 Dumps
    MB2-709 Dumps
    MB2-710 Dumps
    MB2-711 Dumps
    MB2-712 Dumps
    MB2-713 Dumps
    MB2-714 Dumps
    MB2-715 Dumps
    MB2-716 Dumps
    MB2-717 Dumps
    MB2-718 Dumps
    MB2-719 Dumps
    MB2-877 Dumps
    MB5-705 Dumps
    MB6-700 Dumps
    MB6-701 Dumps
    MB6-702 Dumps
    MB6-703 Dumps
    MB6-704 Dumps
    MB6-705 Dumps
    MB6-884 Dumps
    MB6-885 Dumps
    MB6-886 Dumps
    MB6-889 Dumps
    MB6-890 Dumps
    MB6-892 Dumps
    MB6-893 Dumps
    MB6-894 Dumps
    MB6-895 Dumps
    MB6-896 Dumps
    MB6-897 Dumps
    MB6-898 Dumps