Microsoft 70-640 Practice Tests 171-180 (February 2016)

QUESTION 171

You are decommissioning one of the domain controllers in a child domain.

 

You need to transfer all domain operations master roles within the child domain to a newly installed domain controller in the same child domain.

 

Which three domain operations master roles should you transfer? (Each correct answer presents part of the solution. Choose three.)

 

A. RID master

B. PDC emulator

C. Schema master

D. Infrastructure master

E. Domain naming master

 

Correct Answer: ABD

Explanation:

http://technet.microsoft.com/en-us/library/cc781578%28v=ws.10%29.aspx

Transferring operations master roles

Transferring an operations master role means moving it from one domain controller to another with the cooperation of the original role holder. Depending upon the operations master role to be transferred, you perform the role transfer using one of the three Active Directory consoles in Microsoft Management Console (MMC).

 


 

QUESTION 172

Your network contains a single Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2.

DC1 hosts a primary zone for contoso.com. DC2 hosts a secondary zone for contoso.com.

 

On DC1, you change the zone to an Active Directory-integrated zone and configure the zone to accept secure dynamic updates only.

 

You need to ensure that DC2 can accept secure dynamic updates to the contoso.com zone.

 

Which command should you run?

 

A. dnscmd.exe dc2.contoso.com /createdirectorypartition dns.contoso.com

B. dnscmd.exe dc2.contoso.com /zoneresettype contoso.com /dsprimary

C. dnslint.exe /ql

D. repadmin.exe /syncall /force

 

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc772069%28v=ws.10%29.aspx#BKMK_29

Dnscmd: A command-line interface for managing DNS servers. This utility is useful in scripting batch files to help automate routine DNS management tasks, or to perform simple unattended setup and configuration of new DNS servers on your network.

dnscmd /zoneresettype

Changes the zone type.

Syntax

dnscmd [<ServerName>] /zoneresettype <ZoneName> <ZoneType> [/overwrite_mem | /overwrite_ds]

Parameters

<ServerName>

Specifies the DNS server to manage, represented by local computer syntax, IP address, FQDN, or host name. If this parameter is omitted, the local server is used.

<ZoneName>

Identifies the zone on which the type will be changed.

<ZoneType> Specifies the type of zone to create. Each type has different required parameters:

/dsprimary Creates an Active Directory-integrated zone.

/primary /file <FileName> Creates a standard primary zone.

/secondary <MasterIPAddress> [,<MasterIPAddress>…] Creates a standard secondary zone.

/stub <MasterIPAddress>[,<MasterIPAddress>…] /file <FileName> Creates a file-backed stub zone.

/dsstub <MasterIPAddress>[,<MasterIPAddress>…] Creates an Active Directory-integrated stub zone.

/forwarder <MasterIPAddress>[,<MasterIPAddress>]… /file <FileName> Specifies that the created zone forwards unresolved queries to another DNS server.

/dsforwarder Specifies that the created Active Directory-integrated zone forwards unresolved queries to another DNS server.

/overwrite_mem | /overwrite_ds

Specifies how to overwrite existing data:

/overwrite_mem Overwrites DNS data from data in AD DS.

/overwrite_ds Overwrites existing data in AD DS.

Remarks

Setting the zone type as /dsforwarder creates a zone that performs conditional forwarding.

 

 

 

QUESTION 173

ABC.com has a software evaluation lab. There is a server in the evaluation lab named CKT. CKT runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. CKT has 200 virtual servers running on an isolated virtual segment to evaluate software. To connect to the Internet, it uses a physical network interface card.

ABC.com requires every server in the company to access the Internet. ABC.com security policy dictates that the IP address space used by the software evaluation lab must not be used by other networks. Similarly, it states that the IP address space used by other networks must not be used by the evaluation lab network.

As an administrator, you find that the applications tested in the software evaluation lab need to access the normal network to connect to the vendors’ update servers on the Internet.

You need to configure all virtual servers on the CKT server to access the Internet. You also need to comply with the company’s security policy.

 

Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution)

 

A. Trigger the Virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server

B. On CKT’s physical network interface, activate the Internet Connection Sharing (ICS)

C. Use ABC.com intranet IP addresses on all virtual servers on CKT.

D. Add and install a Microsoft Loopback Adapter network interface on CKT. Use a new network interface and create a new virtual network.

E. None of the above

 

Correct Answer: AD

Explanation:

http://class10e.com/Microsoft/which-two-actions-should-you-perform-to-achieve-this-task-choose-two-answers/

To configure all virtual servers on the CKT server to access the internet and comply with company’s security policy, you should trigger the virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server. Then add and install Microsoft Loopback adapter network interface on CKT.

Create a virtual network using the new interface.

When you configure the Virtual DHCP server for the external virtual network, a set of IP addresses is assigned to the virtual servers on the CKT server. By running the ipconfig/renew command, the new IP addresses will be renewed. The Microsoft Loopback adapter network interface will ensure that the IP address space used by other networks is not used by the virtual servers on the CKT server. You create a new virtual network on the new network interface, which will enable you to access the Internet.

QUESTION 174

ABC.com has a main office and a branch office. ABC.com’s network consists of a single Active Directory forest.

 

Some of the servers in the network run Windows Server 2008 and the rest run Windows Server 2003.

You are the administrator at ABC.com. You have installed Active Directory Domain Services (AD DS) on a computer that runs Windows Server 2008. The branch office is located in a physically insecure place. It has no IT personnel onsite and there are no administrators there. You need to set up a Read-Only Domain Controller (RODC) on the Server Core installation computer in the branch office.

What should you do to set up the RODC on the computer in the branch office?

 

A. Execute an attended installation of AD DS

B. Execute an unattended installation of AD DS

C. Execute RODC through AD DS

D. Execute AD DS by deploying the image of AD DS

E. None of the above

 

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc754629.aspx

Install an RODC on a Server Core installation

To install an RODC on a Server Core installation of Windows Server 2008, you must perform an unattended installation of AD DS.

 

 

QUESTION 175

Your network contains a single Active Directory domain that has two sites named Site1 and Site2. Site1 has two domain controllers named DC1 and DC2. Site2 has two domain controllers named DC3 and DC4.

 

DC3 fails.

 

You discover that replication no longer occurs between the sites.

 

You verify the connectivity between DC4 and the domain controllers in Site1.

 

On DC4, you run repadmin.exe /kcc.

 

Replication between the sites continues to fail.

 

You need to ensure that Active Directory data replicates between the sites.

 

What should you do?

 

A. From Active Directory Sites and Services, modify the properties of DC3.

B. From Active Directory Sites and Services, modify the NTDS Site Settings of Site2.

C. From Active Directory Users and Computers, modify the location settings of DC4.

D. From Active Directory Users and Computers, modify the delegation settings of DC4.

 

Correct Answer: A

Explanation:

MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) pages 193, 194

 

Bridgehead Servers

A bridgehead server is the domain controller designated by each site’s KCC to take control of intersite replication. The bridgehead server receives information replicated from other sites and replicates it to its site’s other domain controllers. It ensures that the greatest portion of replication occurs within sites rather than between them.

 

In most cases, the KCC automatically decides which domain controller acts as the bridgehead server.

 

However, you can use Active Directory Sites and Services to specify which domain controller will be the preferred bridgehead server by using the following steps:

1. In Active Directory Sites and Services, expand the site in which you want to specify the preferred bridgehead server.

2. Expand the Servers folder to locate the desired server, right-click it, and then choose Properties.

3. From the list labeled Transports available for intersite data transfer, select the protocol(s) for which you want to designate this server as a preferred bridgehead server and then click Add.

 

 

QUESTION 176

Your network contains an Active Directory domain.

 

You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA).

 

You have a client computer named Computer1 that runs Windows 7.

 

You enable automatic certificate enrollment for all client computers that run Windows 7.

 

You need to verify that the Windows 7 client computers can automatically enroll for certificates.

 

Which command should you run on Computer1?

 

A. certreq.exe -retrieve

B. certreq.exe -submit

C. certutil.exe -getkey

D. certutil.exe -pulse

 

Correct Answer: D

Explanation:

http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/795f209d-b056-4de8-8dcf-7c7f80529aab/

What does “certutil -pulse” command do?

Certutil -pulse will initiate autoenrollment requests. It is equivalent to doing the following in the CertMgr.msc console (in Vista and Windows 7): right-click Certificates, point to All Tasks, and click Automatically Enroll and Retrieve Certificates.

 

The command does require that

– any autoenrollment GPO settings have already been applied to the target user or computer

– a certificate template enables Read, Enroll and Autoenroll permissions for the user or a global or universal group containing the user

– the group membership is recognized in the user’s token (they have logged on after the membership was added)

http://technet.microsoft.com/library/cc732443.aspx

Certutil

Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.

When certutil is run on a certification authority without additional parameters, it displays the current certification authority configuration. When certutil is run on a non-certification authority, the command defaults to running the certutil -dump verb.

Verbs

The following table describes the verbs that can be used with the certutil command.

pulse

Pulse auto enrollment events

 

 

QUESTION 177

Active Directory Rights Management Services (AD RMS) is deployed on your network.

 

Users who have Windows Mobile 6 devices report that they cannot access documents that are protected by AD RMS.

 

You need to ensure that all users can access AD RMS protected content by using Windows Mobile 6 devices.

 

What should you do?

 

A. Modify the security of the ServerCertification.asmx file.

B. Modify the security of the MobileDeviceCertification.asmx file.

C. Enable anonymous authentication for the _wmcs virtual directory.

D. Enable anonymous authentication for the certification virtual directory.

 

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/ff608252%28v=ws.10%29.aspx

Windows Mobile Considerations for AD RMS

AD RMS and Windows Mobile Requirements

Active Directory Rights Management Services (AD RMS) integrates with Microsoft Windows Mobile in Windows Mobile 6 and later devices. End users can create and consume protected e-mail messages and can read protected Microsoft Office documents on their Windows Mobile device.

 

AD RMS client capabilities are embedded in the operating system of Windows Mobile 6 and later devices. There is no AD RMS client available for Windows Mobile 5.0 or earlier; AD RMS can be used only on devices with Windows Mobile 6 and later. There is full interoperability when sharing AD RMS protected content between the different versions and editions of Windows Mobile 6 or later.

By default, the discretionary access control lists (DACLs) of the AD RMS mobile certification pipeline are restricted, and the pipeline must be enabled for Windows Mobile 6 or later devices to obtain certificates and licenses to create and consume AD RMS protected content. You can enable the certification of mobile devices by giving the AD RMS Service Group and the user account objects of the AD RMS-enabled application Read and Read & Execute permissions to the MobileDeviceCertification.asmx file. This file is located under %systemdrive%\Inetpub\wwwroot\_wmcs\Certification by default. You must complete this process on each AD RMS server in the cluster.

 

 

QUESTION 178

Your network contains an enterprise root certification authority (CA).

 

You need to ensure that a certificate issued by the CA is valid.

 

What should you do?

 

A. Run syskey.exe and use the Update option.

B. Run sigverif.exe and use the Advanced option.

C. Run certutil.exe and specify the -verify parameter.

D. Run certreq.exe and specify the -retrieve parameter.

 

Correct Answer: C

Explanation:

http://blogs.technet.com/b/pki/archive/2006/11/30/basic-crl-checking-with-certutil.aspx

Basic CRL checking with certutil

Certutil.exe is the command-line tool to verify certificates and CRLs. To get reliable verification results, you must use certutil.exe because the Certificate MMC Snap-In does not verify the CRL of certificates. A certificate might be wrongly shown in the MMC snap-in as valid but once you verify it with certutil.exe you will see that the certificate is actually invalid.

 

 

QUESTION 179

You add an Online Responder to an Online Responder Array.

 

You need to ensure that the new Online Responder resolves synchronization conflicts for all members of the Array.

 

What should you do?

 

A. From Network Load Balancing Manager, set the priority ID of the new Online Responder to 1.

B. From Network Load Balancing Manager, set the priority ID of the new Online Responder to 32.

C. From the Online Responder Management Console, select the new Online Responder, and then select Set as Array Controller.

D. From the Online Responder Management Console, select the new Online Responder, and then select Synchronize Members with Array Controller.

 

Correct Answer: C

Explanation:

Reference 1:

http://technet.microsoft.com/en-us/library/cc770413.aspx

Managing Array members

For each Array, one member is defined as the Array controller; the role of the Array controller is to help resolve synchronization conflicts and to apply updated revocation configuration information to all Array members.

 

Reference 2:

http://technet.microsoft.com/en-us/library/cc771281.aspx

To designate an Array controller

1. Open the Online Responder snap-in.

2. In the console tree, click Array Configuration Members.

3. Select the Online Responder that you want to designate as the Array controller.

4. In the Actions pane, click Set as Array Controller.

 

 

QUESTION 180

Your company has an Active Directory Rights Management Services (AD RMS) server. Users have Windows Vista computers. An Active Directory domain is configured at the Windows Server 2003 functional level.

 

You need to configure AD RMS so that users are able to protect their documents.

 

What should you do?

 

A. Install the AD RMS client 2.0 on each client computer.

B. Add the RMS service account to the local administrators group on the AD RMS server.

C. Establish an e-mail account in Active Directory Domain Services (AD DS) for each RMS user.

D. Upgrade the Active Directory domain to the functional level of Windows Server 2008.

 

Correct Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/cc753531%28v=ws.10%29.aspx

AD RMS Step-by-Step Guide

For each user account and group that you configure with AD RMS, you need to add an e-mail address and then assign the users to groups.

 
