[Free] Download New Updated (February 2016) Microsoft 70-640 Practice Tests 171-180
QUESTION 171
You are decommissioning one of the domain controllers in a child domain.
You need to transfer all domain operations master roles within the child domain to a newly installed domain controller in the same child domain.
Which three domain operations master roles should you transfer? (Each correct answer presents part of the solution. Choose three.)
|
A. |
RID master |
|
B. |
PDC emulator |
|
C. |
Schema master |
|
D. |
Infrastructure master |
|
E. |
Domain naming master |
Correct Answer: ABD
Explanation:
http://technet.microsoft.com/en-us/library/cc781578%28v=ws.10%29.aspx
Transferring operations master roles
Transferring an operations master role means moving it from one domain controller to another with the cooperation of the original role holder. Depending upon the operations master role to be transferred, you perform the role transfer using one of the three Active Directory consoles in Microsoft Management Console (MMC).
QUESTION 172
Your network contains a single Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2.
DC1 hosts a primary zone for Contoso.com. DC2 hosts a secondary zone for contosto.com.
On DC1, you change the zone to an Active Directory-integrated zone and configure the zone to accept secure dynamic updates only.
You need to ensure that DC2 can accept secure dynamic updates to the contoso.com zone.
Which command should you run?
|
A. |
dnscmd.exe dc2.contoso.com /createdirectorypartition dns.contoso.com |
|
B. |
dnscmd.exe dc2.contoso.com /zoneresettype contoso.com /dsprimary |
|
C. |
dnslint.exe /ql |
|
D. |
repadmin.exe /syncall /force |
Correct Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc772069%28v=ws.10%29.aspx#BKMK_29
Dnscmd A command-line interface for managing DNS servers. This utility is useful in scripting batch files to help automate routine DNS management tasks, or to perform simple unattended setup and configuration of new DNS servers on your network.
dnscmd /zoneresettype
Changes the zone type.
Syntax
dnscmd [<ServerName>] /zoneresettype <ZoneName> <ZoneType> [/overwrite_mem | /overwrite_ds]
Parameters
<ServerName>
Specifies the DNS server to manage, represented by local computer syntax, IP address, FQDN, or host name. If this parameter is omitted, the local server is used.
<ZoneName>
Identifies the zone on which the type will be changed.
<ZoneType> Specifies the type of zone to create. Each type has different required parameters:
/dsprimary Creates an Active Directory璱ntegrated zone.
/primary /file <FileName> Creates a standard primary zone.
/secondary <MasterIPAddress> [,<MasterIPAddress>…] Creates a standard secondary zone.
/stub <MasterIPAddress>[,<MasterIPAddress>…] /file <FileName> Creates a file-backed stub zone.
/dsstub <MasterIPAddress>[,<MasterIPAddress>…] Creates an Active Directory璱ntegrated stub zone.
/forwarder <MasterIPAddress[,<MasterIPAddress>]… /file<FileName> Specifies that the created zone forwards unresolved queries to another DNS server.
/dsforwarder Specifies that the created Active Directory璱ntegrated zone forwards unresolved queries to another DNS server.
/overwrite_mem | /overwrite_ds
Specifies how to overwrite existing data:
/overwrite_mem Overwrites DNS data from data in AD DS.
/overwrite_ds Overwrites existing data in AD DS.
Remarks
Setting the zone type as /dsforwarder creates a zone that performs conditional forwarding.
QUESTION 173
ABC.com has a software evaluation lab. There is a server in the evaluation lab named as CKT. CKT runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. CKT has 200 virtual servers running on an isolated virtual segment to evaluate software. To connect to the internet, it uses physical network interface card.
ABC.com requires every server in the company to access Internet. ABC.com security policy dictates that the IP address space used by software evaluation lab must not be used by other networks. Similarly, it states the IP address space used by other networks should not be used by the evaluation lab network.
As an administrator you find you that the applications tested in the software evaluation lab need to access normal network to connect to the vendors update servers on the internet.
You need to configure all virtual servers on the CKT server to access the internet. You also need to comply with company’s security policy.
Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution)
|
A. |
Trigger the Virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server |
|
B. |
On CKT’s physical network interface, activate the Internet Connection Sharing (ICS) |
|
C. |
Use ABC.com intranet IP addresses on all virtual servers on CKT. |
|
D. |
Add and install a Microsoft Loopback Adapter network interface on CKT. Use a new network interface and create a new virtual network. |
|
E. |
None of the above |
Correct Answer: AD
Explanation:
http://class10e.com/Microsoft/which-two-actions-should-you-perform-to-achieve-this-task-choose-two-answers/
To configure all virtual servers on the CKT server to access the internet and comply with company’s security policy, you should trigger the virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server. Then add and install Microsoft Loopback adapter network interface on CKT.
Create a virtual network using the new interface.
When you configure the Virtual DHCP server for the external virtual network, a set of IP addresses are assigned to the virtual servers on CKT server. By running ipconfig/renew command, the new IP addresses will be renewed. The Microsoft Loopback adapter network interface will ensure that the IP address space used by other networks are not been used by the virtual servers
on CKT server. You create a new virtual network on the new network interface which will enable you to access internet.
QUESTION 174
ABC.com has a main office and a branch office. ABC.com’s network consists of a single Active Directory forest.
Some of the servers in the network run Windows Server 2008 and the rest run Windows server 2003.
You are the administrator at ABC.com. You have installed Active Directory Domain Services (AD DS) on a computer that runs Windows Server 2008. The branch office is located in a physically insecure place. It has no IT personnel onsite and there are no administrators over there. You need to setup a Read-Only Domain Controller (RODC) on the Server Core installation computer in the branch office.
What should you do to setup RODC on the computer in branch office?
|
A. |
Execute an attended installation of AD DS |
|
B. |
Execute an unattended installation of AD DS |
|
C. |
Execute RODC through AD DS |
|
D. |
Execute AD DS by using deploying the image of AD DS |
|
E. |
none of the above |
Correct Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc754629.aspx
Install an RODC on a Server Core installation
To install an RODC on a Server Core installation of Windows Server 2008, you must perform an unattended installation of AD DS.
QUESTION 175
Your network contains a single Active Directory domain that has two sites named Site1 and Site2. Site1 has two domain controllers named DC1 and DC2. Site2 has two domain controllers named DC3 and DC4.
DC3 fails.
You discover that replication no longer occurs between the sites.
You verify the connectivity between DC4 and the domain controllers in Site1.
On DC4, you run repadmin.exe /kcc.
Replication between the sites continues to fail.
You need to ensure that Active Directory data replicates between the sites.
What should you do?
|
A. |
From Active Directory Sites and Services, modify the properties of DC3. |
| < p class="MsoNormal" style="margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">B. |
From Active Directory Sites and Services, modify the NTDS Site Settings of Site2. |
|
C. |
From Active Directory Users and Computers, modify the location settings of DC4. |
|
D. |
From Active Directory Users and Computers, modify the delegation settings of DC4. |
Correct Answer: A
Explanation:
MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) pages 193, 194
Bridgehead Servers
A bridgehead server is the domain controller designated by each site’s KCC to take control of intersite replication. The bridgehead server receives information replicated from other sites and replicates it to its site’s other domain controllers. It ensures that the greatest portion of replication occurs within sites rather than between them.
In most cases, the KCC automatically decides which domain controller acts as the bridgehead server.
However, you can use Active Directory Sites and Services to specify which domain controller will be the preferred bridgehead server by using the following steps:
1. In Active Directory Sites and Services, expand the site in which you want to specify the preferred bridgehead server.
2. Expand the Servers folder to locate the desired server, right-click it, and then choose Properties.
3. From the list labeled Transports available for intersite data transfer, select the protocol(s) for which you want to designate this server as a preferred bridgehead server and then click Add.
QUESTION 176
Your network contains an Active Directory domain.
You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA).
You have a client computer named Computer1 that runs Windows 7.
You enable automatic certificate enrollment for all client computers that run Windows 7.
You need to verify that the Windows 7 client computers can automatically enroll for certificates.
Which command should you run on Computer1?
|
A. |
certreq.exe retrieve |
|
B. |
certreq.exe submit |
|
C. |
certutil.exe getkey |
|
D. |
certutil.exe pulse |
Correct Answer: D
Explanation:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/795f209d-b056-4de8-8dcf-7c7f80529aab/
What does “certutil -pulse” command do?
Certutil -pulse will initiate autoenrollment requests. It is equivalent to doing the following in the CertMgr.msc console (in Vista and Windows 7) Right-click Certificates , point to All Tasks , click Automatically Enroll and Retrieve Certificates.
The command does require that
– any autoenrollment GPO settings have already been applied to the target user or computer
– a certificate template enables Read, Enroll and Autoenroll permissions for the user or a global or universal group containing the user
– The group membership is recognized in the users Token (they have logged on after the membership was added
http://technet.microsoft.com/library/cc732443.aspx
Certutil
Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
When certutil is run on a certification authority without additional parameters, it displays the current certification authority configuration. When cerutil is run on a non-certification authority, the command defaults to running the certutil -dump verb.
Verbs
The following table describes the verbs that can be used with the certutil command.
pulse
Pulse auto enrollment events
QUESTION 177
Active Directory Rights Management Services (AD RMS) is deployed on your network.
Users who haveWindows Mobile 6 devices report that they cannot access documents that are protected by AD RMS.
You need to ensure that all users can access AD RMS protected content by using Windows Mobile 6 devices.
What should you do?
|
A. |
Modify the security of the ServerCertification.asmx file. |
|
B. |
Modify the security of the MobileDeviceCertification.asmx file. |
|
C. |
Enable anonymous authentication for the _wmcs virtual directory. |
|
D. |
Enable anonymous authentication for the certification virtual directory. |
Correct Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/ff608252%28v=ws.10%29.aspx
Windows Mobile Considerations for AD RMS
AD RMS and Windows Mobile Requirements
Active Directory Rights Management Services (AD RMS) integrates with Microsoft Windows Mobile?in Windows Mobile 6 and later devices. End users can create and consume protected e-mail messages and can read protected Microsoft Office documents on their Windows Mobile device.
AD RMS client capabilities are embedded in the operating system of Windows Mobile 6 and later devices. There is no AD RMS client available for Windows Mobile 5.0 or earlier; AD RMS can be used only on devices with Windows Mobile 6 and later. There is full interoperability when sharing AD RMS protected content between the different versions and editions of Windows Mobile 6 or later.
By default the Discretionary access control lists (DACLs) of the AD RMS mobile certification pipeline is restricted and must be enabled for Windows Mobile 6 or later devices to obtain certificates and licenses to create and consume AD RMS protected content. You can enable the certification of mobile devices
by giving the AD RMS Service Group and the user account objects of the AD RMS-enabled application Read and Read & Execute permissions to the MobileDeviceCertification.asmx file. This file is located under %systemdrive%Inetpubwwwroot_wmcsCertification by default. You must complete this process on each AD RMS server in the cluster.
QUESTION 178
Your network contains an enterprise root certification authority (CA).
You need to ensure that a certificate issued by the CA is valid.
What should you do?
|
A. |
Run syskey.exe and use the Update option. |
|
B. |
Run sigverif.exe and use the Advanced option. |
|
C. |
Run certutil.exe and specify the -verify parameter. |
|
D. |
Run certreq.exe and specify the -retrieve parameter. |
Correct Answer: C
Explanation:
http://blogs.technet.com/b/pki/archive/2006/11/30/basic-crl-checking-with-certutil.aspx
Basic CRL checking with certutil
Certutil.exe is the command-line tool to verify certificates and CRLs. To get reliable verification results, you must use certutil.exe because the Certificate MMC Snap-In does not verify the CRL of certificates. A certificate might be wrongly shown in the MMC snap-in as valid but once you verify it with certutil.exe you will see that the certificate is actually invalid.
QUESTION 179
You add an Online Responder to an Online Responder Array.
You need to ensure that the new Online Responder resolves synchronization conflicts for all members of the Array.
What should you do?
|
A. |
From Network Load Balancing Manager, set the priority ID of the new Online Responder to 1. |
|
B. |
From Network Load Balancing Manager, set the priority ID of the new Online Responder to 32. |
|
C. |
From the Online Responder Management Console, select the new Online Responder, and then select Set as Array Controller. |
|
D. |
From the Online Responder Management Console, select the new Online Responder, and then selectSynchronize Members with Array Controller. |
Correct Answer: C
Explanation:
Reference 1:
http://technet.microsoft.com/en-us/library/cc770413.aspx
Managing Array members
For each Array, one member is defined as the Array controller; the role of the Array controller is to help resolve synchronization conflicts and to apply updated revocation configuration information to all Array members.
Reference 2:
http://technet.microsoft.com/en-us/library/cc771281.aspx
To designate an Array controller
1. Open the Online Responder snap-in.
2. In the console tree, click Array Configuration Members.
3. Select the Online Responder that you want to designate as the Array controller.
4. In the Actions pane, click Set as Array Controller.
QUESTION 180
Your company has an Active Directory Rights Management Services (AD RMS) server. Users have Windows Vista computers. An Active Directory domain is configured at the Windows Server 2003 functional level.
You need to configure AD RMS so that users are able to protect their documents.
What should you do?
|
A. |
Install the AD RMS client 2.0 on each client computer. |
|
B. |
Add the RMS service account to the local administrators group on the AD RMS server. |
|
C. |
Establish an e-mail account in Active Directory Domain Services (AD DS) for each RMS user. |
|
D. |
Upgrade the Active Directory domain to the functional level of Windows Server 2008. |
Correct Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc753531%28v=ws.10%29.aspx
AD RMS Step-by-Step Guide
For each user account and group that you configure with AD RMS, you need to add an e- mail address and then assign the users to groups.
Free VCE & PDF File for Microsoft 70-640 Real Exam
Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…
70-410 Dumps VCE PDF
70-411 Dumps VCE PDF
70-412 Dumps VCE PDF
70-413 Dumps VCE PDF
70-414 Dumps VCE PDF
70-417 Dumps VCE PDF
70-461 Dumps VCE PDF
70-462 Dumps VCE PDF
70-463 Dumps VCE PDF
70-464 Dumps VCE PDF
70-465 Dumps VCE PDF
70-480 Dumps VCE PDF
70-483 Dumps VCE PDF
70-486 Dumps VCE PDF
70-487 Dumps VCE PDF