[Free] 2018(July) Dumps4cert Microsoft 70-640 Dumps with VCE and PDF Download 271-280

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 July Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 271 – (Topic 3)

You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template.

Users can enroll for certificates based on the custom certificate template by using the

Certificates console. The certificate template is unavailable for Web enrollment.

You need to ensure that the certificate template is available on the Web enrollment pages. What should you do?

  1. Run certutil.exe Cpulse.

  2. Run certutil.exe Cinstallcert.

  3. Change the certificate template to a Version 2 certificate template.

  4. On the certificate template, assign the Autoenroll permission to the users.

Answer: C Explanation:

Identical to F/Q12. Reference 1:

http://technet.microsoft.com/en-us/library/cc732517.aspx

Certificate Web enrollment cannot be used with version 3 certificate templates. Reference 2:

http://blogs.technet.com/b/ad/archive/2008/06/30/2008-web-enrollment-and-version-3- templates.aspx

The reason for this blog post is that one of our customers called after noticing some unexpected behavior when they were trying to use the Server 2008 certificate web enrollment page to request a Version 3 Template based certificate. The problem was that no matter what they did the Version 3 Templates would not appear as certificates which could be requested via the web page. On the other hand, version 1 and 2 templates did appear in the page and requests could be done successfully using those templates.

Question No: 272 – (Topic 3)

You need to compact an Active Directory database on a domain controller that runs Windows Server 2008 R2.

What should you do?

  1. Run defrag.exe /a /c.

  2. Run defrag.exe /c /u.

  3. From Ntdsutil, use the Files option.

  4. From Ntdsutil, use the Metadata cleanup option.

    Answer: C Explanation:

    Reference 1:

    http://technet.microsoft.com/en-us/library/cc794920.aspx Compact the Directory Database File (Offline Defragmentation)

    You can use this procedure to compact the Active Directory database offline. Offline defragmentation returns free disk space in the Active Directory database to the file system. As part of the offline defragmentation procedure, check directory database integrity.

    Performing offline defragmentation creates a new, compacted version of the database file in a different location.

    Reference 2:

    Mastering Windows Server 2008 R2 (Sybex, 2010) page 805 Performing Offline Defragmentation of Ntds.dit

    These steps assume that you will be compacting the Ntds.dit file to a local folder. If you plan to defragment and compact the database to a remote shared folder, map a drive letter to that shared folder before you begin these steps, and use that drive letter in the path where appropriate.

    1. Open an elevated command prompt. Click Start, and then right-click Command Prompt. Click Run as Administrator.

    2. Type ntdsutil, and then press Enter.

    3. Type Activate instance NTDS, and press Enter.

    4. At the resulting ntdsutil prompt, type Files (case sensitive), and then press Enter.

    5. At the file maintenance prompt, type compact to followed by the path to the destination folder for the defragmentation, and then press Enter.

      Question No: 273 – (Topic 3)

      Your network contains an Active Directory domain. You create and mount an Active Directory snapshot.

      You run dsamain.exe as shown in the exhibit. (Click the Exhibit button.)

      Dumps4Cert 2018 PDF and VCE

      You need to ensure that you can browse the contents of the Active Directory snapshot. What should you?

      1. Stop Active Directory Domain Services (AD DS), and then rerun dsamain.exe.

      2. Change the value of the dbpath parameter, and then rerun dsamain.exe.

      3. Change the value of the ldapport parameter, and then rerun dsamain.exe.

      4. Restart the Volume Shadow Copy Service (VSS), and then rerun dsamain.exe.

Answer: B Explanation:

The path in the exhibit points to the running Active Directory database, not to the snapshot. Reference:

http://technet.microsoft.com/en-us/library/cc772168.aspx

For the dbpath parameter, you must specify a mounted snapshot or a backup that you want to view along with the complete path to the Ntds.dit file, for example:

/dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds.dit

Question No: 274 – (Topic 3)

Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site1 contains four domain controllers. Site2 contains a read-only domain

controller (RODC).

You add a user named User1 to the Allowed RODC Password Replication Group.

The WAN link between Site1 and Site2 fails. User1 restarts his computer and reports that he is unable to log on to the domain.

The WAN link is restored and User1 reports that he is able to log on to the domain. You need to prevent the problem from reoccurring if the WAN link fails.

What should you do?

  1. Create a Password Settings object (PSO) and link the PSO to User1#39;s user account.

  2. Create a Password Settings object (PSO) and link the PSO to the Domain Users group.

  3. Add the computer account of the RODC to the Allowed RODC Password Replication Group.

  4. Add the computer account of User1#39;s computer to the Allowed RODC Password Replication Group.

Answer: D

Question No: 275 – (Topic 3)

Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA).

On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled.

You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server?

  1. an account that is a member of the Certificate Publishers group in the child domain

  2. an account that is a member of the Certificate Publishers group in the forest root domain

  3. an account that is a member of the Schema Admins group in the forest root domain

  4. an account that is a member of the Enterprise Admins group in the forest root domain

Answer: D

Reference:

http://social.technet.microsoft.com/Forums/uk/winserversecurity/thread/887f4cec-12f6- 4c15-a506-568ddb21d46b

In order to install Enterprise CA you MUST have Enterprise Admins permissions, because Configuration naming context is replicated between domain controllers in the forest (not only current domain) and are writable for Enterprise Admins (domain admins permissions are insufficient).

Question No: 276 – (Topic 3)

Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard.

The functional level of the domain is Windows Server 2003. You have a certification authority (CA).

The relevant servers in the domain are configured as shown below:

Dumps4Cert 2018 PDF and VCE

You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network.

What should you do?

  1. Upgrade Server1 to Windows Server 2008 R2.

  2. Upgrade Server2 to Windows Server 2008 R2.

  3. Raise the functional level of the domain to Windows Server 2008.

  4. Install the Windows Server 2008 R2 Active Directory Schema updates.

Answer: D

Reference:

http://technet.microsoft.com/en-us/library/dd759243.aspx Installation requirements

Before installing the certificate enrollment Web services, ensure that your environment meets these requirements:

A host computer as a domain member running Windows Server 2008 R2. An Active Directory forest with a Windows Server 2008 R2 schema.

An enterprise certification authority (CA) running Windows Server 2008 R2, Windows Server 2008, or

Windows Server 2003.

Question No: 277 – (Topic 3)

You have an enterprise root certification authority (CA) that runs Windows Server 2008 R2.

You need to ensure that you can recover the private key of a certificate issued to a Web server.

What should you do?

  1. From the CA, run the Get-PfxCertificate cmdlet.

  2. From the Web server, run the Get-PfxCertificate cmdlet.

  3. From the CA, run the certutil.exe tool and specify the -exportpfx parameter.

  4. From the Web server, run the certutil.exe tool and specify the -exportpfx parameter.

    Answer: D Explanation:

    http://technet.microsoft.com/en-us/library/ee449471(v=ws.10).aspx

    Manual Key Archival Manual key archival can be used in the following common scenarios that are not supported by automatic key archival:

    Secure/Multipurpose Internet Mail Extensions (S/MIME) certificates used by Microsoft庐 Office Outlook.

    Certificates issued by CAs that do not support key archival.

    Certificates installed on the Microsoft Windows庐 2000 and Windows Millennium Edition operating systems.

    This topic includes procedures for exporting a private key by using the following programs

    and for importing a private key to a CA database: Certutil.exe

    Certificates snap-in Microsoft Office Outlook

    To export private keys by using Certutil.exe

    1. Open a Command Prompt window.

    2. Type the Certutil.exe -exportpfx command using the command-line options described in the following table.

      Certutil.exe [-p lt;Passwordgt;] -exportpfx lt;CertificateIdgt; lt;OutputFileNamegt;

      Dumps4Cert 2018 PDF and VCE

      C:\Documents and Settings\usernwz1\Desktop\1.PNG

      Question No: 278 – (Topic 3)

      Your network contains an Active Directory domain. The domain contains several domain controllers.All domain controllers run Windows Server 2008 R2.

      You need to restore the Default Domain Controllers Policy Group Policy object (GPO) to the Windows Server 2008 R2 default settings.

      What should you do?

      1. Run dcgpofix.exe /target:dc.

      2. Run dcgpofix.exe /target:domain.

      3. Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe

        /sync.

      4. Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe

/force.

Answer: A

Reference:

http://technet.microsoft.com/en-us/library/hh875588.aspx

Dcgpofix Recreates the default Group Policy Objects (GPOs) for a domain. Syntax

DCGPOFix [/ignoreschema] [/target: {Domain | DC | Both}] [/?]

/ignoreschema Ignores the version of the Active Directory庐 schema when you run this command. Otherwise, the command only works on the same schema version as the Windows version in which the command was shipped.

/target {Domain | DC | Both} Specifies which GPO to restore. You can restore the Default Domain Policy GPO, the Default Domain Controllers GPO, or both.

Examples

Restore the Default Domain Controllers Policy GPO to its original state. You will lose any changes that you have made to this GPO. dcgpofix /ignoreschema /target:DC

Question No: 279 – (Topic 3)

Your network contains a single Active Directory domain. The domain contains five read- only domain controllers (RODCs) and five writable domain controllers. All servers run Windows Server 2008.

You plan to install a new read-only domain controllerRODC that runs Windows Server 2008 R2.

You need to ensure that you can add the new RODC to the domain.You want to achieve this goal by using the minimum amount of administrative effort.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. At the command prompt, run adprep.exe /rodcprep.

  2. At the command prompt, run adprep.exe /forestprep.

  3. At the command prompt, run adprep.exe /domainprep.

  4. From Active Directory Domains and Trusts, raise the functional level of the domain.

  5. From Active Directory Users and Computers, pre-stage the RODC computer account.

Answer: B,C

Question No: 280 – (Topic 3)

You need to back up all of the group policies in a domain. The solution must minimize the size of the backup.

What should you use?

  1. the Add-WBSystemState cmdlet

  2. the Group Policy Management console

  3. the Wbadmin tool

  4. the Windows Server Backup feature

    Answer: B

    Reference:

    http://technet.microsoft.com/en-us/library/cc770536.aspx To back up a Group Policy object

    1. In the Group Policy Management Console (GPMC) console tree, open Group Policy Objects in the forest and domain containing the Group Policy object (GPO) to back up.

    2. To back up a single GPO, right-click the GPO, and then click Back Up. To back up all GPOs in the domain, right-click Group Policy objects and click Back Up All.

      100% Dumps4cert Free Download!
      Download Free Demo:70-640 Demo PDF
      100% Dumps4cert Pass Guaranteed!
      70-640 Dumps

      Dumps4cert ExamCollection Testking
      Lowest Price Guarantee Yes No No
      Up-to-Dated Yes No No
      Real Questions Yes No No
      Explanation Yes No No
      PDF VCE Yes No No
      Free VCE Simulator Yes No No
      Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.