[Free] Download New Updated (February 2016) Microsoft 70-640 Practice Tests 251-260

Ensurepass

QUESTION 251

Your network contains an Active Directory forest. The forest contains one domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2.

 

DC1 was installed before DC2.

 

DC1 fails.

 

You need to ensure that you can add 1,000 new user accounts to the domain.

 

What should you do?

 

A.	Modify the permissions of the DC2 computer account.
B.	Seize the schema master FSMO role.
C.	Configure DC2 as a global catalog server.
D.	Seize the RID master FSMO role.

 

Correct Answer: D

Explanation:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) pages 536-537

RID master failure

A failed RID master eventually prevents domain controllers from creating new SIDs and, therefore, prevents you from creating new accounts for users, groups, or computers. However, domain controllers receive a sizable pool of RIDs from the RID master, so unless you are generating numerous new accounts, you can often go for some time without the RID master online while it is being repaired. Seizing this role to another domain controller is a significant action. After the RID master role has been seized, the domain controller that had been performing the role cannot be brought back online.

 

 

QUESTION 252

Your network contains an Active Directory domain named contoso.com.

 

You need to create a central store for the Group Policy Administrative templates.

 

What should you do?

 

A.	Run dfsrmig.exe /createglobalobjects.
B.	Run adprep.exe /domainprep /gpprep.
C.	Copy the %SystemRoot%PolicyDefinitions folder to the\contoso.comSYSVOLcontoso.comPoliciesfolder.
D.	Copy the %SystemRoot%System32GroupPolicy folder to the\contoso.comSYSVOLcontoso.comPolicies folder.

 

Correct Answer: C

Explanation:

http://www.vmadmin.co.uk/microsoft/43-winserver2008/220-svr08admxcentralstore

Creating an ADMX central store for group policies

To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder. The Central Store is a location that is checked by GPMC. The GPMC will use .admx files that are in the Central Store. The files that are in the Central Store are replicated to all domain controllers in the domain.

First on a domain controller (Windows Server 2008/2008 R2) the ADMX policy definitions and language template files in %SYSTEMROOT%PolicyDefinitions need copying to %SYSTEMROOT%SYSVOLdomainPoliciesPolicyDefinitions.

Run the following command to copy the entire folder contents to SYSVOL. This will then replicate to all domain controllers (the default ADMX policies and EN-US language templates (ADML) are about 6.5 MB in total).

xcopy /E “%SYSTEMROOT%PolicyDefinitions”

“%SYSTEMROOT%SYSVOLdomainPolicies

PolicyDefinitions”

 

 

Next ensure you have remote server administration tools (RSAT) installed on your client computer you are using to edit the GPO’s. This will need to be Windows Vista or Windows 7.

For Windows Vista enable the RSAT feature (GPMC).

For Windows 7 download and install RSAT then enable the RSAT feature (GPMC).

When editing a GPO in the GMPC you will find that the Administrative Templates show as “Policy Definitions (ADMX files) retrieved from the central store”.

This confirms it is working as expected.

 

 

Further information:

http://support.microsoft.com/kb/929841/en-us

How to create the Central Store for Group Policy Administrative Template files in Windows Vista

http://msdn.microsoft.com/en-us/library/bb530196.aspx

Managing Group Policy ADMX Files Step-by-Step Guide

http://technet.microsoft.com/en-us/library/cc748955%28v=ws.10%29.aspx

Scenario 2: Editing Domain-Based GPOs Using ADMX Files

 

 

< p class="MsoNormal" style="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">QUESTION 253

Your network contains a single Active Directory domain. The functional level of the forest is Windows Server 2008. The functional level of the domain is Windows Server 2008 R2. All DNS servers run Windows Server 2008. All domain controllers run Windows Server 2008 R2.

 

You need to ensure that you can enable the Active Directory Recycle Bin.

 

What should you do?

 

A.	Change the functional level of the forest.
B.	Change the functional level of the domain.
C.	Modify the Active Directory schema.
D.	Modify the Universal Group Membership Caching settings.

 

Correct Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/dd392261.aspx

 

Active Directory Recycle Bin Step-by-Step Guide

By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable it, you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2, which in turn requires all forest domain controllers or all servers that host instances of AD LDS configuration sets to be running Windows Server 2008 R2.

 

 

QUESTION 254

Your network contains an Active Directory domain. The domain contains 1,000 user accounts.

 

You have a list that contains the mobile phone number of each user. You need to add the mobile number of each user to Active Directory.

 

What should you do?

 

A.	Create a file that contains the mobile phone numbers, and then run ldifde.exe.
B.	Create a file that contai ns the mobile phone numbers, and then run csvde.exe.
C.	From Adsiedit, select the CN=Users container, and then modify the properties of the container.
D.	From Active Directory Users and Computers, select all of the users, and then modify the properties of the users.

 

Correct Answer: A

Explanation:

CSVDE can only import and export data from AD DS.

 

http://technet.microsoft.com/en-us/library/cc732101.aspx

 

Reference:

http://technet.microsoft.com/en-us/library/cc731033.aspx

 

Ldifde

Creates, modifies, and deletes directory objects.

 

QUESTION 255

You have an Active Directory snapshot.

 

You need to view the contents of the organizational units (OUs) in the snapshot.

 

Which tools should you run?

 

A.	explorer.exe, netdom.exe, and dsa.msc
B.	ntdsutil.exe, dsamain.exe, and dsa.msc
C.	wbadmin.msc, dsamain.exe, and netdom.exe
D.	wbadmin.msc, ntdsutil.exe, and explorer.exe

 

Correct Answer: B

 

 

QUESTION 256

You have an enterprise subordinate certification authority (CA).

 

You have a custom Version 3 certificate template.

 

Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment.

 

You need to ensure that the certificate template is available on the Web enrollment pages.

 

What should you do?

 

A.	Run certutil.exe Cpulse.
B.	Run certutil.exe Cinstallcert.
C.	Change the certificate template to a Version 2 certificate template.
D.	On the certificate template, assign the Autoenroll permission to the users.

 

Correct Answer: C

Explanation:

Identical to F/Q12.

Reference 1:

http://technet.microsoft.com/en-us/library/cc732517.aspx

Certificate Web enrollment cannot be used with version 3 certificate templates.

Reference 2:

http://blogs.technet.com/b/ad/archive/2008/06/30/2008-web-enrollment-and-version-3-templates.aspx

The reason for this blog post is that one of our customers called after noticing some unexpected behavior when they were trying to use the Server 2008 certificate web enrollment page to request a Version 3 Template based certificate. The problem was that no matter what they did the Version 3 Templates would not appear as certificates which could be requested via the web page. On the other hand, version 1 and 2 templates did appear in the page and requests could be done successfully using those templates.

 

 

 

 

 

 

 

 

QUESTION 257

Your network contains an Active Directory domain. The domain contains a group named Group1.

 

The minimum password length for the domain is set to six characters.

 

You need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long.

 

What should you do first?

 

A.	Run the New-ADFineGrainedPasswordPolicy cmdlet.
B.	Run the Add-ADFineGrainedPasswordPolicySubject cmdlet.
C.	From the Default Domain Policy, modify the password policy.
D.	From the Default Domain Controller Policy, modify the password policy.

 

Correct Answer: A

Explanation:

First we need to create a new Active Directory fine grained password policy, using New- ADFineGrainedPasswordPolicy.

Then we can apply the new policy to Group1, using Add- ADFineGrainedPasswordPolicySubject.

 

Reference:

http://technet.microsoft.com/en-us/library/ee617238.aspx

 

New-ADFineGrainedPasswordPolicy

Creates a new Active Directory fine grained password policy.

 

 

QUESTION 258

Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7.

 

You need to forward the logon events of all the domain controllers in contoso.com to Computer1.

 

All new domain controllers must be dynamically added to the subscription.

 

What should you do?

 

A.	From Computer1, configure source-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
B.	From Computer1, configure collector-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
C.	From Computer1, configure source-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).
D.	From Computer1, configure collector-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).

 

Correct Answer: A

Explanation:

http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973(v=vs.85).aspx

 

Setting up a Source Initiated Subscription

Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector initiated subscription because in the collector initiated subscription model, the event collector must define all the event sources in the event subscription.

 

 

QUESTION 259

You remotely monitor several domain controllers.

 

You run winrm.exe quickconfig on each domain controller.

 

You need to create a WMI script query to retrieve information from the bios of each domain controller.

 

Which format should you use to write the query?

 

A.	XrML
B.	XML
C.	WQL
D.	HTML

 

Correct Answer: C

Explanation:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa394606%28v=vs.85%29.aspx

WQL (SQL for WMI)

The WMI Query Language (WQL) is a subset of the American National Standards Institute Structured Query Language (ANSI SQL)–with minor semantic changes.

 

 

QUESTION 260

Your network contains two Active Directory forests named contoso.com and nwtraders.com. Active Directory Rights Management Services (AD RMS) is deployed in each forest.

 

You need to ensure that users from the nwtraders.com forest can access AD RMS protected content in the contoso.com forest.

 

What should you do?

 

A.	Add a trusted user domain to the AD RMS cluster in the nwtraders.com domain.
B.	Create an external trust from nwtraders.com to contoso.com.
C.	Add a trusted user domain to the AD RMS cluster in the contoso.com domain.
D.	Create an external trust from contoso.com to nwtraders.com.

 

Correct Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/hh311036.aspx

 

Using AD RMS trust

It is not necessary to create trust or federation relationships between the Active Directory forests of organizations to be able to share rights-protected information between separate organizations. AD RMS provides two types of trust relationships that provide this kind of rights-protected information exchange. A trusted user domain (TUD) allows the AD RMS root cluster to process requests for client licensor certificates or use licenses from users whose rights account certificates (RACs) were issued by a different AD RMS root cluster. You add a trusted user domain by importing the server licensor certificate of the AD RMS cluster to trust.

 

Free VCE & PDF File for Microsoft 70-640 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…