[Free] Download New Updated (February 2016) Microsoft 70-640 Practice Tests 121-130



As an administrator at Company, you have installed an Active Directory forest that has a single domain.


You have installed Active Directory Federation Services (AD FS) on a domain member server.


What should you do to configure AD FS to make sure that the AD FS token contains information from the Active Directory domain?



A. Add a new account store and configure it.

B. Add a new resource partner and configure it.

C. Add a new resource store and configure it.

D. Add a new administrator account on AD FS and configure it.

E. None of the above


Correct Answer: A



Step 3: Installing and Configuring AD FS

Now that you have configured the computers that will be used as federation servers, you are ready to install Active Directory Federation Services (AD FS) components on each of the computers. This section includes the following procedures:

Install the Federation Service on ADFS-RESOURCE and ADFS-ACCOUNT

Configure ADFS-ACCOUNT to work with AD RMS

Configure ADFS-RESOURCE to work with AD RMS




There are 100 servers and 2000 computers present at your company’s headquarters.


The DHCP service is installed on a two-node Microsoft failover cluster named CKMFO to ensure the high availability of the service.


The nodes are named as CKMFON1 and CKMFON2.


The cluster on CKMFO has one physical shared disk of 400 GB capacity.


A 200GB single volume is configured on the shared disk.


Company has decided to host a Windows Internet Naming Service (WINS) on CKMFON1.


The DHCP and WINS services will be hosted on other nodes.


Using the High Availability Wizard, you begin creating the WINS service group on the cluster on the CKMFON1 node.


The wizard shows an error “no disks are available” during configuration.


Which action should you perform to configure storage volumes on CKMFON1 to successfully add the WINS Service group to CKMFON1?



A. Back up all data on the single volume on CKMFON1, configure the disk with a GUID partition table, and create two volumes. Restore the backed-up data on one of the volumes and use the other for the WINS service group.

B. Add a new physical shared disk to the CKMFON1 cluster and configure a new volume on it. Use this volume to fix the error in the wizard.

C. Add new physical shared disks to CKMFON1 and CKMFON2. Configure the volumes on these disks and direct CKMFON1 to use the CKMFON2 volume for the WINS service group.

D. Add and configure a new volume on the existing shared disk, which has 400 GB of space. Use this volume to fix the error in the wizard.

E. None of the above


Correct Answer: B



To configure storage volumes on CKMFON1 to successfully add the WINS Service group to CKMFON1, you need to add a new physical shared disk to the CKMFON1 cluster and configure a new volume on it.

Use this volume to fix the error in the wizard.

This is because a cluster does not use shared storage. A cluster must use a hardware solution based either on shared storage or on replication between nodes.




You need to force a domain controller to register all service location (SRV) resource records in DNS.


Which command should you run?



A. ipconfig.exe /registerdns

B. net.exe stop dnscache & net.exe start dnscache

C. net.exe stop netlogon & net.exe start netlogon

D. regsvr32.exe dnsrslvr.dll


Correct Answer: C


MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) page 62

The SRV resource records for a domain controller are important in enabling clients to locate the domain controller. The Netlogon service on domain controllers registers this resource record whenever a domain controller is restarted. You can also re-register a domain controller’s SRV resource records by restarting this service from the Services branch of Server Manager or by typing net start netlogon. An exam question might ask you how to troubleshoot the nonregistration of SRV resource records.




Your company has a main office and a branch office. The main office contains two domain controllers.


You create an Active Directory site named BranchOfficeSite.


You deploy a domain controller in the branch office, and then add the domain controller to the BranchOfficeSite site.


You discover that users in the branch office are randomly authenticated by either the domain controller in the branch office or the domain controllers in the main office.


You need to ensure that the users in the branch office always attempt to authenticate to the domain controller in the branch office first.


What should you do?



A. Create organizational units (OUs).

B. Create Active Directory subnet objects.

C. Modify the slow link detection threshold.

D. Modify the Location attribute of the computer objects.


Correct Answer: B



Understanding Sites, Subnets, and Site Links

Sites overview

Sites in AD DS represent the physical structure, or topology, of your network. AD DS uses network topology information, which is stored in the directory as site, subnet, and site link objects, to build the most efficient replication topology. The replication topology itself consists of the set of connection objects that enable inbound replication from a source domain controller to the destination domain controller that stores the connection object. The Knowledge Consistency Checker (KCC) creates these connection objects automatically on each domain controller.


Associating sites and subnets

A subnet object in AD DS groups neighboring computers in much the same way that postal codes group neighboring postal addresses. By associating a site with one or more subnets, you assign a set of IP addresses to the site.


The term “subnet” in AD DS does not have the strict networking definition of the set of all addresses behind a single router. The only requirement for an AD DS subnet is that the address prefix conforms to the IP version 4 (IPv4) or IP version 6 (IPv6) format. When you add the Active Directory Domain Services server role to create the first domain controller in a forest, a default site (Default-First-Site-Name) is created in AD DS. As long as this site is the only site in the directory, all domain controllers that you add to the forest are assigned to this site. However, if your forest will have multiple sites, you must create subnets that assign IP addresses to Default-First-Site-Name as well as to all additional sites.


Locating domain controllers by site

Domain controllers register service (SRV) resource records in Domain Name System (DNS) that identify their site names. Domain controllers also register host (A) resource records in DNS that identify their IP addresses. When a client requests a domain controller, it provides its site name to DNS. DNS uses the site name to locate a domain controller in that site (or in the next closest site to the client). DNS then provides the IP address of the domain controller to the client for the purpose of connecting to the domain controller. For this reason, it is important to ensure that the IP address that you assign to a domain controller maps to a subnet that is associated with the site of the respective server object. Otherwise, when a client requests a domain controller, the IP address that is returned might be the IP address of a domain controller in a distant site. When a client connects to a distant site, the result can be slow performance and unnecessary traffic on expensive WAN links.










Your network contains an Active Directory domain named contoso.com.


You need to view which password setting object is applied to a user.


Which filter option in Attribute Editor should you enable?


To answer, select the appropriate filter option in the answer area.




Correct Answer:





ABC.com has purchased laptop computers that will be used to connect to a wireless network.


You create a laptop organizational unit and create a Group Policy Object (GPO) and configure user profiles by utilizing the names of approved wireless networks.


You link the GPO to the laptop organizational unit. The new laptop users complain to you that they cannot connect to a wireless network.


What should you do to enforce the Group Policy wireless settings on the laptop computers?



A. Execute the gpupdate /target:computer command at the command prompt on the laptop computers.

B. Execute the Add a network command and leave the SSID (service set identifier) blank.

C. Execute the gpupdate /boot command at the command prompt on the laptop computers.

D. Connect each laptop computer to a wired network, log off the laptop computer, and then log in again.

E. None of the above


Correct Answer: D




Your network contains a server named Server1 that runs Windows Server 2008 R2.


You create an Active Directory Lightweight Directory Services (AD LDS) instance on Server1.


You need to create an additional AD LDS application directory partition in the existing instance.


Which tool should you use?











Correct Answer: D



Create an Application Directory Partition

You use Ldp.exe to add a new application directory partition to an existing instance of Active Directory Lightweight Directory Services (AD LDS).




Your network contains a server named Server1. The Active Directory Rights Management Services (AD RMS) server role is installed on Server1.


An administrator changes the password of the user account that is used by AD RMS.


You need to update AD RMS to use the new password.


Which console should you use?



A. Active Directory Rights Management Services

B. Active Directory Users and Computers

C. Component Services




Correct Answer: A



AD RMS How To: Change the RMS Service Account Password

The Active Directory Rights Management Services management console provides a wizard to change or update the AD RMS service account. The most common use for this process is to update the service account password when it has been changed.


It is important to use this process to update or change the AD RMS service account. This ensures the necessary components are updated properly. These processes include, but are not limited to, the following items:

* Ensures the service account meets the criteria (is a domain account, is not the domain account that provisioned RMS, etc.)

* Temporarily suspends RMS functionality on the server during the change

* Updates the RMS local groups

* Updates the database role for the service account

* Updates and restarts the MSMQ and logging services

* Updates the service account for the _DRMSAppPool1 web application pool

* Updates appropriate AD RMS configuration database tables

There are important requirements to run this wizard:

* Must be logged on to the AD RMS server

* Account running the wizard must be:

  * A local administrator on the RMS server,

  * A member of the AD RMS Enterprise Administrators group, and

  * A SQL SysAdmin on the AD RMS instance

* Lastly, this must be performed on each server of the AD RMS cluster






Your company has a main office and 50 branch offices. Each office contains multiple subnets.


You need to automate the creation of Active Directory subnet objects.


What should you use?



A. the Dsadd tool

B. the Netsh tool

C. the New-ADObject cmdlet

D. the New-Object cmdlet


Correct Answer: C



New-ADObject

Creates an Active Directory object.

Syntax

New-ADObject [-Name] <string> [-Type] <string> [-AuthType {<Negotiate> | <Basic>}] [-Credential <PSCredential>] [-Description <string>] [-DisplayName <string>] [-Instance <ADObject>] [-OtherAttributes <hashtable>] [-PassThru <switch>] [-Path <string>] [-ProtectedFromAccidentalDeletion <System.Nullable [bool]>] [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>]

Detailed Description

The New-ADObject cmdlet creates a new Active Directory object such as a new organizational unit or new user account. You can use this cmdlet to create any type of Active Directory object. Many object properties are defined by setting cmdlet parameters. Properties that are not set by cmdlet parameters can be set by using the OtherAttributes parameter.

You must set the Name and Type parameters to create a new Active Directory object. The Name specifies the name of the new object. The Type parameter specifies the LDAP display name of the Active Directory Schema Class that represents the type of object you want to create. Examples of Type values include computer, group, organizational unit, and user.

The Path parameter specifies the container where the object will be created. When you do not specify the Path parameter, the cmdlet creates an object in the default naming context container for Active Directory objects in the domain.
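
The following is an added example, not part of the original page or of Microsoft's documentation, showing how New-ADObject can create subnet objects in bulk and bind each one to a site so that clients locate a domain controller in their own site first. The prefixes and the CSV column names are constructed for illustration; it assumes the ActiveDirectory module is installed and the account can write under CN=Sites in the configuration partition.

```powershell
# Added example: bulk-create AD subnet objects and associate each with its site.
Import-Module ActiveDirectory

# Constructed sample input; in practice load this with Import-Csv from a file.
$subnets = @'
Prefix,Site,Location
10.10.1.0/24,BranchOfficeSite,Branch office floor 1
10.10.2.0/24,BranchOfficeSite,Branch office floor 2
10.0.0.0/16,Default-First-Site-Name,Main office
'@ | ConvertFrom-Csv

# Sites and subnets are stored in the forest-wide configuration partition.
$configNC    = (Get-ADRootDSE).configurationNamingContext
$sitesDN     = "CN=Sites,$configNC"
$subnetsPath = "CN=Subnets,$sitesDN"

foreach ($s in $subnets) {
    $siteDN = "CN=$($s.Site),$sitesDN"

    # Do not create a subnet that would point at a site that does not exist.
    $site = Get-ADObject -SearchBase $sitesDN `
        -Filter "objectClass -eq 'site' -and name -eq '$($s.Site)'"
    if (-not $site) {
        Write-Warning "Site '$($s.Site)' not found; skipping $($s.Prefix)"
        continue
    }

    # Skip prefixes that already exist so the script can be re-run safely.
    $existing = Get-ADObject -SearchBase $subnetsPath `
        -Filter "objectClass -eq 'subnet' -and name -eq '$($s.Prefix)'"
    if ($existing) {
        Write-Verbose "Subnet $($s.Prefix) already exists; skipping"
        continue
    }

    # The subnet object's name is the address prefix; siteObject holds the
    # distinguished name of the site the prefix belongs to.
    # -WhatIf makes this a dry run; remove it to create the objects.
    New-ADObject -Name $s.Prefix -Type subnet -Path $subnetsPath `
        -Description $s.Location `
        -OtherAttributes @{ siteObject = $siteDN; location = $s.Location } `
        -WhatIf
}
```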




Your network contains an Active Directory forest. The forest contains one domain and three sites. Each site contains two domain controllers. All domain controllers are DNS servers.


You create a new Active Directory-integrated zone.


You need to ensure that the new zone is replicated to the domain controllers in only one of the sites.


What should you do first?



A. Modify the NTDS Site Settings object for the site.

B. Modify the replication settings of the default site link.

C. Create an Active Directory connection object.

D. Create an Active Directory application directory partition.


Correct Answer: D


Practically the same question as A/Q50 and K/Q17, different set of answers.

To control which servers get a copy of the zone we have to store the zone in an application directory partition.

That application directory partition must be created before we create the zone, otherwise it won’t work. So that’s what we have to do first. Directory partitions are also called naming contexts and we can create one using ntdsutil.

Here I tried to create a zone with dnscmd /zoneadd. It failed because the directory partition I wanted to use did not exist yet. To fix that I used ntdsutil to create the directory partition dc=venomous,dc=contoso,dc=com.

Note that after creating it a new naming context had been added. Then, after a minute or two, I tried to create the new zone again, and this time it worked.




Reference 1:


Store Data in an AD DS Application Partition

You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). An application directory partition is a data structure in AD DS that distinguishes data for different replication purposes. When you store a DNS zone in an application directory partition, you can control the zone replication scope by controlling the replication scope of the application directory partition.


Reference 2:


Partition management

Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).

This is a subcommand of Ntdsutil and Dsmgmt.


To create an application directory partition named AppPartition in the contoso.com domain, complete the following steps:

1. To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

2. Type: ntdsutil

3. Type: Ac in ntds

4. Type: partition management

5. Type: connections

6. Type: Connect to server DC_Name

7. Type: quit

8. Type: list

The following partitions will be listed:

0 CN=Configuration, DC=Contoso, DC=com

1 DC=Contoso, DC=com

2 CN=Schema, CN=Configuration, DC=Contoso, DC=com

3 DC=DomainDnsZones, DC=Contoso, DC=com

4 DC=ForestDnsZones, DC=Contoso, DC=com

9. At the partition management prompt, type: create nc dc=AppPartition,dc=contoso,dc=com ConDc1.contoso.com

10. Run the list command again to refresh the list of partitions.

