[Free] Download New Updated (February 2016) Microsoft 70-640 Practice Tests 281-290

Ensurepass

QUESTION 281

Your network contains an Active Directory forest. The forest schema contains a custom attribute for user objects.

 

You need to modify the custom attribute value of 500 user accounts.

 

Which tool should you use?

 

A. Csvde

B. Dsmod

C. Dsrm

D. Ldifde

 

Correct Answer: D

Explanation:

We cannot use Dsmod here, because it supports only a subset of commonly used object class attributes.

Csvde can only import and export data.

Dsrm is used to delete objects from the directory.

 

Reference:

http://technet.microsoft.com/en-us/library/cc731033.aspx

 

Ldifde

Creates, modifies, and deletes directory objects.

 

 

QUESTION 282

Your network contains a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2.

 

You need to enable the Active Directory Recycle Bin.

 

What should you use?

 

A. the Dsmod tool

B. the Enable-ADOptionalFeature cmdlet

C. the Ntdsutil tool

D. the Set-ADDomainMode cmdlet

 

Correct Answer: B

Explanation:

Similar question to question L/Q5.

 

Reference:

http://technet.microsoft.com/en-us/library/dd379481.aspx

 

Enabling Active Directory Recycle Bin

 

After the forest functional level of your environment is set to Windows Server 2008 R2, you can enable Active Directory Recycle Bin by using the following methods:

 

Enable-ADOptionalFeature Active Directory module cmdlet (This is the recommended method.)

 

Ldp.exe

 

 

QUESTION 283

You install a read-only domain controller (RODC) named RODC1.

 

You need to ensure that a user named User1 can administer RODC1. The solution must minimize the number of permissions assigned to User1.

 

Which tool should you use?

 

A. Active Directory Administrative Center

B. Active Directory Users and Computers

C. Dsadd

D. Dsmgmt

 

Correct Answer: B

Explanation:

Reference 1:

http://technet.microsoft.com/en-us/library/cc755310.aspx

 

Delegating local administration of an RODC

Administrator Role Separation (ARS) is an RODC feature that you can use to delegate the ability to administer an RODC to a user or a security group. When you delegate the ability to log on to an RODC to a user or a security group, the user or group is not added to the Domain Admins group and therefore does not have additional rights to perform directory service operations.

 

Steps and best practices for setting up ARS

You can specify a delegated RODC administrator during an RODC installation or after it.

 

To specify the delegated RODC administrator after installation, you can use either of the following options:

 

Modify the Managed By tab of the RODC account properties in the Active Directory Users and Computers snap-in. You can click Change to change which security principal is the delegated RODC administrator. You can choose only one security principal. Specify a security group rather than an individual user so you can control RODC administration permissions most efficiently. This method changes the managedBy attribute of the computer object that corresponds to the RODC to the SID of the security principal that you specify. This is the recommended way to specify the delegated RODC administrator account because the information is stored in AD DS, where it can be centrally managed by domain administrators.

 


 

Use the ntdsutil local roles command or the dsmgmt local roles command. You can use this command to view, add, or remove members from the Administrators group and other built-in groups on the RODC. [See also the second reference for more information on how to use dsmgmt.]

 

Using ntdsutil or dsmgmt to specify the delegated RODC administrator account is not recommended because the information is stored only locally on the RODC. Therefore, when you use ntdsutil local roles to delegate an administrator for the RODC, the account that you specify does not appear on the Managed By tab of the RODC account properties. As a result, using the Active Directory Users and Computers snap-in or a similar tool will not reveal that the RODC has a delegated administrator.

 

In addition, if you demote an RODC, any security principal that you specified by using ntdsutil local roles remains stored in the registry of the server. This can be a security concern if you demote an RODC in one domain and then promote it to be an RODC again in a different domain. In that case, the original security principal would have administrative rights on the new RODC in the different domain.

 

Reference 2:

http://technet.microsoft.com/en-us/library/cc732301.aspx

 

Administrator Role Separation Configuration

This section provides procedures for creating a local administrator role for an RODC and for adding a user to that role.

 

To configure Administrator Role Separation for an RODC

1. Click Start, click Run, type cmd, and then press ENTER.

2. At the command prompt, type dsmgmt.exe, and then press ENTER.

3. At the DSMGMT prompt, type local roles, and then press ENTER.

4. For a list of valid parameters, type ?, and then press ENTER. By default, no local administrator role is defined on the RODC after AD DS installation. To add the local administrator role, use the Add parameter.

5. Type add <DOMAIN>\<user> <administrative role>

For example, type add CONTOSO\testuser administrators

 

 

QUESTION 284

Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2.

 

You perform a full backup of the domain controllers every night by using Windows Server Backup.

 

You update a script in the SYSVOL folder.

 

You discover that the new script fails to run properly. You need to restore the previous version of the script in the SYSVOL folder. The solution must minimize the amount of time required to restore the script.

 

What should you do first?

 

A. Run the Restore-ADObject cmdlet.

B. Restore the system state to its original location.

C. Restore the system state to an alternate location.

D. Attach the VHD file created by Windows Server Backup.

 

Correct Answer: D

Explanation:

http://technet.microsoft.com/en-us/magazine/2008.05.adbackup.aspx

Active Directory Backup and Restore in Windows Server 2008

NTBACKUP vs. Windows Server Backup

As an added bonus, Windows Server Backup stores its backup images in Microsoft Virtual Hard Disk (VHD) format. You can actually take a backup image and mount it as a volume in a virtual machine running under Microsoft Virtual Server 2005. You can simply mount the VHDs in a virtual machine and browse for a particular file rather than having to perform test restores of tapes to see which one has the file on it. (A note of caution: you can’t take a backup image and boot a virtual machine from it. Since the backed-up hardware configuration doesn’t correspond to the virtual machine’s configuration, you can’t use Windows Server Backup as a physical-to-virtual migration tool.)

 

 

QUESTION 285

Your network contains a domain controller that runs Windows Server 2008 R2. You run the following command on the domain controller:

 

dsamain.exe -dbpath c:\$SNAP_201006170326_VOLUMEC$\Windows\NTDS\ntds.dit -ldapport 389 -allowNonAdminAccess

 

The command fails.

 

You need to ensure that the command completes successfully.

 

How should you modify the command?

 

A. Include the path to Dsamain.

B. Change the value of the -dbpath parameter.

C. Change the value of the -ldapport parameter.

D. Remove the -allowNonAdminAccess parameter.

 

Correct Answer: C

Explanation:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) page 690

 

Use the AD DS database mounting tool to load the snapshot as an LDAP server.

 

dsamain -dbpath c:\$SNAP_datetime_VOLUMEC$\windows\ntds\ntds.dit -ldapport portnumber

 

Be sure to use ALL CAPS for the -dbpath value and use any number beyond 40,000 for the -ldapport value to ensure that you do not conflict with AD DS.

 

Also note that you can use the minus (-) sign or the slash (/) for the options in the command.

 

 

QUESTION 286

You need to create a Password Settings object (PSO).

 

Which tool should you use?

 

A. Active Directory Users and Computers

B. ADSI Edit

C. Group Policy Management Console

D. Ntdsutil

 

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc754461.aspx

You can create Password Settings objects (PSOs) using the Active Directory module for Windows PowerShell, using ADSI Edit, or using ldifde.

 

 

QUESTION 287

Your network contains an Active Directory forest.

 

You add an additional user principal name (UPN) suffix to the forest.

 

You need to modify the UPN suffix of all users. You want to achieve this goal by using the minimum amount of administrative effort.

 

What should you use?

 

A. the Active Directory Domains and Trusts console

B. the Active Directory Users and Computers console

C. the Csvde tool

D. the Ldifde tool

 

Correct Answer: D

 

 

QUESTION 288

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008. The functional level of the domain is Windows Server 2003. All client computers run Windows 7.

 

You install Windows Server 2008 R2 on a server named Server1.

 

You need to perform an offline domain join of Server1.

 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A. From Server1, run djoin.exe.

B. From Server1, run netdom.exe.

C. From a Windows 7 computer, run djoin.exe.

D. Upgrade one domain controller to Windows Server 2008 R2.

E. Raise the functional level of the domain to Windows Server 2008.

 

Correct Answer: AC

Explanation:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) pages 217, 218

 

Offline Domain Join

Offline domain join is also useful when a computer is deployed in a lab or other disconnected environment.

 

When the computer is connected to the domain network and started for the first time, it will already be a member of the domain. This also helps to ensure that Group Policy settings are applied at the first startup.

 

Four major steps are required to join a computer to the domain by using offline domain join:

1. Log on to a computer in the domain that is running Windows Server 2008 R2 or Windows 7 with an account that has permissions to join computers to the domain.

2. Use the DJoin command to provision a computer for offline domain join. This step prepopulates Active Directory with the information that Active Directory needs to join the computer to the domain, and exports the information, called a blob, to a text file.

3. At the offline computer that you want to join to the domain, use DJoin to import the blob into the Windows directory.

4. When you start or restart the computer, it will be a member of the domain.

 

 

QUESTION 289

You need to back up all of the group policies in a domain. The solution must minimize the size of the backup.

 

What should you use?

 

A. the Add-WBSystemState cmdlet

B. the Group Policy Management console

C. the Wbadmin tool

D. the Windows Server Backup feature

 

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc770536.aspx

 

To back up a Group Policy object

1. In the Group Policy Management Console (GPMC) console tree, open Group Policy Objects in the forest and domain containing the Group Policy object (GPO) to back up.

2. To back up a single GPO, right-click the GPO, and then click Back Up. To back up all GPOs in the domain, right-click Group Policy objects and click Back Up All.

 

 

QUESTION 290

Your network contains a single Active Directory domain.

 

A domain controller named DC2 fails.

 

You need to remove DC2 from Active Directory.

 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A. At the command prompt, run dcdiag.exe /fix.

B. At the command prompt, run netdom.exe remove dc2.

C. From Active Directory Sites and Services, delete DC2.

D. From Active Directory Users and Computers, delete DC2.

 

Correct Answer: CD

Explanation:

http://technet.microsoft.com/en-us/library/cc816907.aspx

 

Clean Up Server Metadata

Metadata cleanup is a required procedure after a forced removal of Active Directory Domain Services (AD DS).

 

You perform metadata cleanup on a domain controller in the domain of the domain controller that you forcibly removed. Metadata cleanup removes data from AD DS that identifies a domain controller to the replication system.

 

Clean up server metadata by using GUI tools

 

Clean up server metadata by using Active Directory Users and Computers

1. Open Active Directory Users and Computers: On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers.

2. Expand the domain of the domain controller that was forcibly removed, and then click Domain Controllers.

3. In the details pane, right-click the computer object of the domain controller whose metadata you want to clean up, and then click Delete.

 

Clean up server metadata by using Active Directory Sites and Services

1. Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services.

2. Expand the site of the domain controller that was forcibly removed, expand Servers, expand the name of the domain controller, right-click the NTDS Settings object, and then click Delete.

 
