[Free] 2018(July) Dumps4cert Microsoft 70-640 Dumps with VCE and PDF Download 181-190


Windows Server 2008 Active Directory, Configuring

Question No: 181 – (Topic 2)

Your network contains a single Active Directory forest. The forest contains two domains named contoso.com and sales.contoso.com. The domain controllers are configured as shown in the following table.

All domain controllers run Windows Server 2008 R2. All zones are configured as Active Directory-integrated zones.

You need to ensure that contoso.com records are available on DC3. Which command should you run?

  1. dnscmd.exe DC1.contoso.com /ZoneChangeDirectoryPartition contoso.com /domain

  2. dnscmd.exe DC1.contoso.com /ZoneChangeDirectoryPartition contoso.com /forest

  3. dnscmd.exe DC3.contoso.com /ZoneChangeDirectoryPartition contoso.com /domain

  4. dnscmd.exe DC3.contoso.com /ZoneChangeDirectoryPartition contoso.com /forest

Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc772069(v=ws.10).aspx#BKMK_23

Dnscmd

A command-line interface for managing DNS servers. This utility is useful in scripting batch files to help automate routine DNS management tasks, or to perform simple unattended setup and configuration of new DNS servers on your network.

dnscmd /zonechangedirectorypartition

Changes the directory partition on which the specified zone resides.

Syntax

dnscmd [<ServerName>] /zonechangedirectorypartition <ZoneName> {[<NewPartitionName>] | [<ZoneType>]}

Parameters

<ServerName> Specifies the DNS server to manage, represented by IP address, FQDN, or host name. If this parameter is omitted, the local server is used.

<ZoneName> The FQDN of the current directory partition on which the zone resides.

<NewPartitionName> The FQDN of the directory partition that the zone will be moved to.

<ZoneType> Specifies the type of directory partition that the zone will be moved to.

/domain Moves the zone to the built-in domain directory partition.

/forest Moves the zone to the built-in forest directory partition.

/legacy Moves the zone to the directory partition that is created for pre-Active Directory domain controllers. These directory partitions are not necessary for native mode.

Question No: 182 – (Topic 2)

Your company has a main office and 50 branch offices. Each office contains multiple subnets.

You need to automate the creation of Active Directory subnet objects. What should you use?

  1. the Dsadd tool

  2. the Netsh tool

  3. the New-ADObject cmdlet

  4. the New-Object cmdlet

Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/ee617260.aspx

New-ADObject

Creates an Active Directory object.

Syntax:

New-ADObject [-Name] <string> [-Type] <string> [-AuthType {<Negotiate> | <Basic>}] [-Credential <PSCredential>] [-Description <string>] [-DisplayName <string>] [-Instance <ADObject>] [-OtherAttributes <hashtable>] [-PassThru <switch>] [-Path <string>] [-ProtectedFromAccidentalDeletion <System.Nullable[bool]>] [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>]

Detailed Description

The New-ADObject cmdlet creates a new Active Directory object such as a new organizational unit or new user account. You can use this cmdlet to create any type of Active Directory object. Many object properties are defined by setting cmdlet parameters. Properties that are not set by cmdlet parameters can be set by using the OtherAttributes parameter.

You must set the Name and Type parameters to create a new Active Directory object. The Name specifies the name of the new object. The Type parameter specifies the LDAP display name of the Active Directory Schema Class that represents the type of object you want to create. Examples of Type values include computer, group, organizational unit, and user.

The Path parameter specifies the container where the object will be created. When you do not specify the Path parameter, the cmdlet creates an object in the default naming context container for Active Directory objects in the domain.

Question No: 183 – (Topic 2)

You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role installed.

You need to minimize the amount of time it takes for client computers to download a certificate revocation list (CRL). What should you do?

  1. Install and configure an Online Responder.

  2. Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client workstations.

  3. Install and configure an additional domain controller.

  4. Import the Root CA certificate into the Trusted Root Certification Authorities store on all client workstations.

Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/cc725958.aspx

What Is an Online Responder?

An Online Responder is a trusted server that receives and responds to individual client requests for information about the status of a certificate.

The use of Online Responders is one of two common methods for conveying information about the validity of certificates. Unlike certificate revocation lists (CRLs), which are distributed periodically and contain information about all certificates that have been revoked or suspended, an Online Responder receives and responds only to individual requests from clients for information about the status of a certificate. The amount of data retrieved per request remains constant no matter how many revoked certificates there might be.

In many circumstances, Online Responders can process certificate status requests more efficiently than by using CRLs.

Question No: 184 – (Topic 2)

Your company has an Active Directory domain named contoso.com. FS1 is a member server in contoso.com.

You add a second network interface card, NIC2, to FS1 and connect NIC2 to a subnet that contains computers in a DNS domain named fabrikam.com. Fabrikam.com has a DHCP server and a DNS server.

Users in fabrikam.com are unable to resolve FS1 by using DNS.

You need to ensure that FS1 has an A record in the fabrikam.com DNS zone.

What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

  1. Configure the DHCP server in fabrikam.com with the scope option 044 WINS/NBNS Servers.

  2. Configure the DHCP server in fabrikam.com by setting the scope option 015 DNS Domain Name to the domain name fabrikam.com.

  3. Configure NIC2 by configuring the Append these DNS suffixes (in order): option.

  4. Configure NIC2 by configuring the Use this connection's DNS suffix in DNS registration option.

  5. Configure the DHCP server in contoso.com by setting the scope option 015 DNS Domain Name to the domain name fabrikam.com.

Answer: B,D

Question No: 185 – (Topic 2)

ABC.com has a domain controller that runs Windows Server 2008. The ABC.com network boasts 40 Windows Vista client machines.

As an administrator at ABC.com, you want to deploy Active Directory Certificate service (AD CS) to authorize the network users by issuing digital certificates.

What should you do to manage certificate settings on all machines in a domain from one main location?

  1. Configure Enterprise CA certificate settings

  2. Configure Enterprise trust certificate settings

  3. Configure Advance CA certificate settings

  4. Configure Group Policy certificate settings

  5. All of the above

Answer: D

Reference:

http://technet.microsoft.com/en-us/library/cc725911.aspx

AD CS: Policy Settings

In the Windows Server® 2008 operating system, certificate-related Group Policy settings enable administrators to manage certificate validation settings according to the security needs of the organization.

What are certificate settings in Group Policy?

Certificate settings in Group Policy enable administrators to manage the certificate settings on all the computers in the domain from a central location.

Question No: 186 – (Topic 2)

Your company has a main office and a branch office.

You discover that when you disable IPv4 on a computer in the branch office, the computer authenticates by using a domain controller in the main office.

You need to ensure that IPv6-only computers authenticate to domain controllers in the same site.

What should you do?

  1. Configure the NTDS Site Settings object.

  2. Create Active Directory subnet objects.

  3. Create Active Directory Domain Services connection objects.

  4. Install an Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) router.

Answer: B

Question No: 187 – (Topic 2)

Your network contains a server named Server1 that runs Windows Server 2008 R2.

On Server1, you create an Active Directory Lightweight Directory Services (AD LDS) instance named Instance1.

You connect to Instance1 by using ADSI Edit.

You run the Create Object wizard and you discover that there is no User object class.

You need to ensure that you can create user objects in Instance1. What should you do?

  1. Run the AD LDS Setup Wizard.

  2. Modify the schema of Instance1.

  3. Modify the properties of the Instance1 service.

  4. Install the Remote Server Administration Tools (RSAT).

Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc772194.aspx

To create users in AD LDS, you must first import the optional user classes that are provided with AD LDS into the AD LDS schema. These user classes are provided in importable .ldf files, which you can find in the directory %windir%\ADAM on the computer where AD LDS is installed.

The user, inetOrgPerson, and OrganizationalPerson object classes are not available until you import the AD LDS user class definitions into the schema.

Question No: 188 – (Topic 2)

The corporate network of Company consists of a Windows Server 2008 single Active Directory domain. The domain has two servers named Company 1 and Company 2.

To ensure central monitoring of events, you decide to collect all the events on one server: events are to be collected from Company 2 and transferred to Company 1.

You configure the required event subscriptions.

You selected the Normal option for the Event delivery optimization setting by using the HTTP protocol.

However, you discovered that none of the subscriptions work.

Which of the following actions would you perform to configure the event collection and event forwarding on the two servers? (Select three. Each answer is a part of the complete solution).

  1. In the Run window, execute the winrm quickconfig command on Company 2.

  2. In the Run window, execute the wecutil qc command on Company 2.

  3. Add the Company 1 account to the Administrators group on Company 2.

  4. In the Run window, execute the winrm quickconfig command on Company 1.

  5. Add the Company 2 account to the Administrators group on Company 1.

  6. In the Run window, execute the wecutil qc command on Company 1.

Answer: A,C,F

Explanation:

We need to do three things:

1 – run winrm quickconfig on the source computer (Company 2)

2 – run wecutil qc on the collector computer (Company 1)

3 – add the computer account of the collector computer to the local Administrators group on the source computer

Had the Event delivery optimization setting been set to Minimize Bandwidth or Minimize Latency, then we would need to run winrm quickconfig on the collector computer too.

Because it's set to Normal we can skip that step.

If the HTTPS protocol had been used we also would have had to configure Windows Firewall exceptions for port 443. But it's not, and it's not even listed, so that's cool.

Reference:

http://technet.microsoft.com/en-us/library/cc748890.aspx

Configure Computers to Forward and Collect Events

Before you can create a subscription to collect events on a computer, you must configure both the collecting computer (collector) and each computer from which events will be collected (source).

To configure computers in a domain to forward and collect events

  1. Log on to all collector and source computers. It is a best practice to use a domain account with administrative privileges.

  2. On each source computer, type the following at an elevated command prompt: winrm quickconfig

    Note

    If you intend to specify an event delivery optimization of Minimize Bandwidth or Minimize Latency, then you must also run the above command on the collector computer.

  3. On the collector computer, type the following at an elevated command prompt: wecutil qc

  4. Add the computer account of the collector computer to the local Administrators group on each of the source computers.

  5. The computers are now configured to forward and collect events. Follow the steps in Create a New Subscription to specify the events you want to have forwarded to the collector.

Question No: 189 – (Topic 2)

ABC.com has a main office and a branch office. ABC.com's network consists of a single Active Directory forest.

Some of the servers in the network run Windows Server 2008 and the rest run Windows Server 2003.

You are the administrator at ABC.com. You have installed Active Directory Domain Services (AD DS) on a computer that runs Windows Server 2008. The branch office is located in a physically insecure place. It has no IT personnel onsite and there are no administrators over there. You need to set up a Read-Only Domain Controller (RODC) on the Server Core installation computer in the branch office.

What should you do to set up the RODC on the computer in the branch office?

  1. Execute an attended installation of AD DS

  2. Execute an unattended installation of AD DS

  3. Execute RODC through AD DS

  4. Execute AD DS by deploying the image of AD DS

  5. None of the above

Answer: B

Reference:

http://technet.microsoft.com/en-us/library/cc754629.aspx

Install an RODC on a Server Core installation

To install an RODC on a Server Core installation of Windows Server 2008, you must perform an unattended installation of AD DS.

Question No: 190 – (Topic 2)

As the Company administrator, you have installed a read-only domain controller (RODC) server at a remote location.

The remote location doesn't provide enough physical security for the server.

What should you do to allow administrative accounts to replicate authentication information to Read-Only Domain Controllers?

  1. Remove any administrative accounts from RODC's group

  2. Add administrative accounts to the domain Allowed RODC Password Replication group

  3. Set the Deny on Receive as permission for administrative accounts on the RODC computer account Security tab for the Group Policy Object (GPO)

  4. Configure a new Group Policy Object (GPO) with the Account Lockout settings enabled. Link the GPO to the remote location. Activate the Read Allow and the Apply group policy Allow permissions for the administrators on the Security tab for the GPO.

  5. None of the above

Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx

Password Replication Policy

When you initially deploy an RODC, you must configure the Password Replication Policy on the writable domain controller that will be its replication partner.

The Password Replication Policy acts as an access control list (ACL). It determines if an RODC should be permitted to cache a password. After the RODC receives an authenticated user or computer logon request, it refers to the Password Replication Policy to determine if the password for the account should be cached. The same account can then perform subsequent logons more efficiently.

The Password Replication Policy lists the accounts that are permitted to be cached, and accounts that are explicitly denied from being cached. The list of user and computer accounts that are permitted to be cached does not imply that the RODC has necessarily cached the passwords for those accounts. An administrator can, for example, specify in advance any accounts that an RODC will cache. This way, the RODC can authenticate those accounts, even if the WAN link to the hub site is offline.

Password Replication Policy Allowed and Denied lists

Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password Replication Group.

These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added to the msDS-RevealOnDemandGroup and msDS-NeverRevealGroup Active Directory attributes mentioned earlier.

By default, the Allowed RODC Password Replication Group has no members. Also by default, the Allowed List attribute contains only the Allowed RODC Password Replication Group.

By default, the Denied RODC Password Replication Group contains the following members:

Enterprise Domain Controllers

Enterprise Read-Only Domain Controllers

Group Policy Creator Owners

Domain Admins

Cert Publishers

Enterprise Admins

Schema Admins

Domain-wide krbtgt account

By default, the Denied List attribute contains the following security principals, all of which are built-in groups:

Denied RODC Password Replication Group

Account Operators

Server Operators

Backup Operators

Administrators

The combination of the Allowed List and Denied List attributes for each RODC and the domain-wide Denied RODC Password Replication Group and Allowed RODC Password Replication Group gives administrators great flexibility. They can decide precisely which accounts can be cached on specific RODCs.

The following table summarizes the three possible administrative models for the Password Replication Policy.
