[Free] Download New Updated (February 2016) Microsoft 70-640 Practice Tests 121-130

Ensurepass

QUESTION 121

As an administrator at Company, you have installed an Active Directory forest that has a single domain.

 

You have installed an Active Directory Federation services (AD FS) on the domain member server.

 

What should you do to configure AD FS to make sure that AD FS token contains information from the active directory domain?

 

A.

Add a new account store and configure it.

B.

Add a new resource partner and configure it

C.

Add a new resource store and configure it

D.

Add a new administrator account on AD FS and configure it

E.

None of the above

 

Correct Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/cc772309%28v=ws.10%29.aspx

Step 3: Installing and Configuring AD FS

Now that you have configured the computers that will be used as federation servers, you are ready to install Active Directory Federation Services (AD FS) components on each of the computers. This section includes the following procedures:

Install the Federation Service on ADFS-RESOURCE and ADFS-ACCOUNT Configure ADFS-ACCOUNT to work with AD RMS

Configure ADFS-RESOURCE to Work with AD RMS

 

 

QUESTION 122

There are 100 servers and 2000 computers present at your company’s headquarters.

 

The DHCP service is installed on a two-node Microsoft failover cluster named CKMFO to ensure the high availability of the service.

 

The nodes are named as CKMFON1 and CKMFON2.

 

The cluster on CKMFO has one physical shared disk of 400 GB capacity.

 

A 200GB single volume is configured on the shared disk.

 

Company has decided to host a Windows Internet Naming Service (WINS) on CKMFON1.

 

The DHCP and WINS services will be hosted on other nodes.

 

Using High Availability Wizard, you begin creating the WINS service group on cluster available on CKMFON1 node.

 

The wizard shows an error “no disks are available” during configuration.

 

Which action should you perform to configure storage volumes on CKMFON1 to successfully add the WINS Service group to CKMFON1?

 

A.

Backup all data on the single volume on CKMFON1 and configure the disk with GUID partition table and create two volumes. Restore the backed up data on one of the volumes and use the other for WINS service group

B.

Add a new physical shared disk to the CKMFON1 cluster and configure a new volume on it. Use this volume to fix the error in the wizard.

C.

Add new physical shared disks to CKMFON1 and EMBFON2. Configure the volumes onthese disk and direct CKMOFONI to use CKMFON2 volume for the WINS service group

D.

Add and configure a new volume on the existing shared disk which has 400GB of space. Use this volume to fix the error in the wizard

E.

None of the above

 

Correct Answer: B

Explanation:

http://class10e.com/Microsoft/which-action-should-you-perform-to-configure-storage-volumes-on-ckmfon1-tosuccessfully-add-the-wins-service-group-to-ckmfon1/

To configure storage volumes on CKMFON1 to successfully add the WINS Service group to CKMFON1, you need to add a new physical shared disk to the CKMFON1 cluster and configure a new volume on it.

Use this volume to fix the error in the wizard.

This is because a cluster does not use shared storage. A cluster must use a hardware solution based either on shared storage or on replication between nodes.

 

 

QUESTION 123

You need to force a domain controller to register all service location (SRV) resource records in DNS.

 

Which command should you run?

 

A.

ipconfig.exe /registerdns

B.

net.exe stop dnscache & net.exe start dnscache

C.

net.exe stop netlogon & net.exe start netlogon

D.

regsvr32.exe dnsrslvr.dll

 

Correct Answer: C

Explanation:

MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) page 62

The SRV resource records for a domain controller are important in enabling clients to locate the domain controller. The Netlogon service on domain controllers registers this resource record whenever a domain controller is restarted. You can also re-register a domain controller’s SRV resource records by restarting this service from the Services branch of Server Manager or by typing net start netlogon. An exam question might ask you how to troubleshoot the nonregistration of SRV resource records.

 

 

QUESTION 124

Your company has a main office and a branch office. The main office contains two domain controllers.

 

You create an Active Directory site named BranchOfficeSite.

 

You deploy a domain controller in the branch office, and then add the domain controller to the BranchOfficeSite site.

 

You discover that users in the branch office are randomly authenticated by either the domain controller in the branch office or the domain controllers in the main office.

 

You need to ensure that the users in the branch office always attempt to authenticate to the domain controller in the branch office first.

 

What should you do?

 

A.

Create organizational units (OUs).

B.

Create Active Directory subnet objects.

C.

Modify the slow link detection threshold.

D.

Modify the Location attribute of the computer objects.

 

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc754697.aspx

Understanding Sites, Subnets, and Site Links

Sites overview

Sites in AD DS represent the physical structure, or topology, of your network. AD DS uses network topology information, which is stored in the directory as site, subnet, and site link objects, to build the most efficient replication topology. The replication topology itself consists of the set of connection objects that enable inbound replication from a source domain controller to the destination domain controller that stores the connection object. The Knowledge Consistency Checker (KCC) creates these connection objects automatically on each domain controller.

 

Associating sites and subnets

A subnet object in AD DS groups neighboring computers in much the same way that postal codes group neighboring postal addresses. By associating a site with one or more subnets, you assign a set of IP addresses to the site.

Note

The term “subnet” in AD DS does not have the strict networking definition of the set of all addresses behind a single router. The only requirement for an AD DS subnet is that the address prefix conforms to the IP version 4 (IPv4) or IP version 6 (IPv6) format. When you add the Active Directory Domain Services server role to create the first domain controller in a forest, a default site (Default-First-Site-Name) is created in AD DS. As long as this site is the only site in the directory, all domain controllers that you add to the forest are assigned to this site. However, if your forest will have multiple sites, you must create subnets that assign IP addresses to Default-First-Site-Name as well as to all additional sites.

 

Locating domain controllers by site

Domain controllers register service (SRV) resource records in Domain Name System (DNS) that identify their site names. Domain controllers also register host (A) resource records in DNS that ide
ntify their IP addresses. When a client requests a domain controller, it provides its site name to DNS. DNS uses the site name to locate a domain controller in that site (or in the next closest site to the client). DNS then provides the IP address of the domain controller to the client for the purpose of connecting to the domain controller. For this reason, it is important to ensure that the IP address that you assign to a domain controller maps to a subnet that is associated with the site of the respective server object. Otherwise, when a client requests a domain controller, the IP address that is returned might be the IP address of a domain controller in a distant site. When a client connects to a distant site, the result can be slow performance and unnecessary traffic on expensive WAN links.

 

 

 

 

 

 

 

QUESTION 125

HOTSPOT

Your network contains an Active Directory domain named contoso.com.

 

You need to view which password setting object is applied to a user.

 

Which filter option in Attribute Editor should you enable?

 

To answer, select the appropriate filter option in the answer area.

 

clip_image002

 

Correct Answer:

clip_image004

 

 

QUESTION 126

ABC.com has purchased laptop computers that will be used to connect to a wireless network.

 

You create a laptop organizational unit and create a Group Policy Object (GPO) and configure user profiles by utilizing the names of approved wireless networks.

 

You link the GPO to the laptop organizational unit. The new laptop users complain to you that they cannot connect to a wireless network.

 

What should you do to enforce the group policy wireless settings to the laptop computers?

 

A.

Execute gpupdate/target:computer command at the command prompt on laptop computers

B.

Execute Add a network command and leave the SSID (service set identifier) blank

C.

Execute gpupdate/boot command at the command prompt on laptops computers

D.

Connect each laptop computer to a wired network and log off the laptop computer and then login again.

E.

None of the above

 

Correct Answer: D

 

 

QUESTION 127

Your network contains a server named Server1 that runs Windows Server 2008 R2.

 

You create an Active Directory Lightweight Directory Services (AD LDS) instance on Server1.

 

You need to create an additional AD LDS application directory partition in the existing instance.

 

Which tool should you use?

 

A.

Adaminstall

B.

Dsadd

C.

Dsmod

D.

Ldp

 

Correct Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/cc755251.aspx

Create an Application Directory Partition

You use Ldp.exe to add a new application directory partition to an existing instance of Active Directory Lightweight Directory Services (AD LDS).

 

 

QUESTION 128

Your network contains a server named Server1. The Active Directory Rights Management Services (AD RMS) server role is installed on Server1.

 

An administrator changes the password of the user account that is used by AD RMS.

 

You need to update AD RMS to use the new password.

 

Which console should you use?

 

A.

Active Directory Rights Management Services

B.

Active Directory Users and Computers

C.

Component Services

D.

Services

 

Correct Answer: A

Explanation:

http://social.technet.microsoft.com/wiki/contents/articles/13034.ad-rms-how-to-change-the-rms-serviceaccount-password.aspx

AD RMS How To: Change the RMS Service Account Password

The Active Directory Rights Management Services management console provides a wizard to change or update the AD RMS service account. The most common use for this process is to update the service account password when it has been changed.

 

It is important to use this process to update or change the AD RMS service account. This ensures the necessary components are updated properly. These processes include, but are not limited to the following items.

Ensure the service account meets the criteria (is a domain account, is not the domain account that provisioned RMS, and etc.)

Temporarily suspends RMS functionality on the server during the change

Updates the RMS local groups

Updates the database role for the service account

Updates and restarts the MSMQ and logging services

Updates the service account for the _DRMSAppPool1 web application pool

Updates appropriate AD RMS configuration database tables

There are important requirements to run this wizard.

Must be logged on to the AD RMS server

Account running the wizard must be:

* A local administrator on the RMS server,

* A member of the AD RMS Enterprise Administrators group, and

* A SQL SysAdmin on the AD RMS instance

Lastly, this must be performed on each server of the AD RMS cluster

 

clip_image006

clip_image008

clip_image010

QUESTION 129

Your company has a main office and 50 branch offices. Each office contains multiple subnets.

 

You need to automate the creation of Active Directory subnet objects.

 

What should you use?

 

A.

the Dsadd tool

B.

the Netsh tool

C.

the New-ADObject cmdlet

D.

the New-Object cmdlet

 

Correct Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/ee617260.aspx

New-ADObject Creates an Active Directory object.

Syntax:

New-ADObject [-Name] <string> [-Type] <string> [-AuthType {<Negotiate> | <Basic>}] [- Credential

<PSCredential>] [-Description <string>] [-DisplayName <string>] [-Instance <ADObject>] [- OtherAttributes <hashtable>] [-PassThru <switch>] [-Path <string>] [- ProtectedFromAccidentalDeletion <System.Nullable [bool]>] [-Server <string>] [-Confirm] [- WhatIf] [<CommonParameters>]

Detailed Description

The New-ADObject cmdlet creates a new Active Directory object such as a new organizational unit or new user account. You can use this cmdlet to create any type of Active Directory object. Many object properties are defined by setting cmdlet parameters. Properties that are not set by cmdlet parameters can be set by using the OtherAttributes parameter.

You must set the Name and Type parameters to create a new Active Directory object. The Name specifies the name of the new object. The Type parameter specifies the LDAP display name of the Active Directory Schema

Class that represents the type of object you want to create. Examples of Type values include computer, group, organizational unit, and user.

The Path parameter specifies the container where the object will be created.. When you do not specify the Path parameter, the cmdlet creates an object in the default naming context container for Active Directory objects in the domain.

 

 

QUESTION 130

Your network contains an Active Directory forest. The forest contains one domain and three sites. Each site contains two domain controllers. All domain controllers are DNS servers.

 

You create a new Active Directory-integrated zone.

 

You need to ensure that the new zone is replicated to the domain controllers in only one of the sites.

 

What should you do first?

 

A.

Modify the NTDS Site Settings object for the site.

B.

Modify the replication settings of the default site link.

C.

Create an Active Directory connection object.

D.

Create an Active Directory application directory partition.

 

Correct Answer: D

Explanation:

Practically the same question as A/Q50 and K/Q17, different set of answers.

To control which servers get a copy of the zone we have to store the zone in an application directory partition.

That application directory partition must be created before we create the zone, otherwise it won’t work. So that’s what we have to do first. Directory partitions are also called naming contexts and we can create one using ntdsutil.

Here I tried to create a zone with dnscmd /zoneadd. It failed because the directory partition I wanted to use did not exist yet. To fix that I used ntdsutil to create the directory partition dc=venomous,dc=contoso,dc=com.

Note that after creating it a new naming context had been added. Then, after a minute or two, I tried to create the new zone again, and this time it worked.

 

clip_image011

 

Reference 1:

http://technet.microsoft.com/en-us/library/cc725739.aspx

Store Data in an AD DS Application Partition

You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). An application directory partition is a data structure in AD DS that distinguishes data for different replication purposes. When you store a DNS zone in an application directory partition, you can control the zone replication scope by controlling the replication scope of the application directory partition.

 

Reference 2:

http://technet.microsoft.com/en-us/library/cc730970.aspx

Partition management

Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).

This is a subcommand of Ntdsutil and Dsmgmt.

Examples

To create an application directory partition named AppPartition in the contoso.com domain, complete the following steps:

1. To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, rightclick Command Prompt, and then click Run as administrator.

2. Type: ntdsutil

3. Type: Ac in ntds

4. Type: partition management

5. Type: connections

6. Type: Connect to server DC_Name

7. Type: quit

8. Type: list

The following partitions will be listed:

0 CN=Configuration, DC=Contoso, DC=com

1 DC=Contoso, DC=com

2 CN=Schema, CN=Configuration, DC=Contoso, DC=com

3 DC=DomainDnsZones, DC=Contoso, DC=com

4 DC=ForestDnsZones, DC=Contoso, DC=com

9. At the partition management prompt, type: create nc dc=AppPartition, DC=contoso,dc=com ConDc1.contoso.com

10. Run the list command again to refresh the list of partitions.

 

Free VCE & PDF File for Microsoft 70-640 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…