[Free] Download New Updated (February 2016) Microsoft 70-640 Practice Tests 291-300

Ensurepass

QUESTION 291

Your network contains an Active Directory domain. The domain contains five domain controllers. A domain controller named DC1 has the DHCP role and the file server role installed.

You need to move the Active Directory database on DC1 to an alternate location. The solution must minimize impact on the network during the database move.

What should you do first?

A. Restart DC1 in Safe Mode.

B. Restart DC1 in Directory Services Restore Mode.

C. Start DC1 from Windows PE.

D. Stop the Active Directory Domain Services service on DC1.

Correct Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/cc794895%28v=ws.10%29.aspx

Relocating the Active Directory Database Files

Applies To: Windows Server 2008, Windows Server 2008 R2

Relocating Active Directory database files usually involves moving files to a temporary location while hardware updates are being performed and then moving the files to a permanent location. On domain controllers that are running versions of Windows 2000 Server and Windows Server 2003, moving database files requires restarting the domain controller in Directory Services Restore Mode (DSRM). Windows Server 2008 introduces restartable Active Directory Domain Services (AD DS), which you can use to perform database management tasks without restarting the domain controller in DSRM. Before you move database files, you must stop AD DS as a service.

QUESTION 292

Your network contains a single Active Directory domain. All servers run Windows Server 2008 R2.

You deploy a new server that runs Windows Server 2008 R2. The server is not connected to the internal network.

You need to ensure that the new server is already joined to the domain when it first connects to the internal network.

What should you do?

A. From a domain controller, run sysprep.exe and specify the /oobe parameter. From the new server, run sysprep.exe and specify the /generalize parameter.

B. From a domain controller, run sysprep.exe and specify the /generalize parameter. From the new server, run sysprep.exe and specify the /oobe parameter.

C. From a domain-joined computer, run djoin.exe and specify the /provision parameter. From the new server, run djoin.exe and specify the /requestodj parameter.

D. From a domain-joined computer, run djoin.exe and specify the /requestodj parameter. From the new server, run djoin.exe and specify the /provision parameter.

Correct Answer: C

Explanation:

Reference 1:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) pages 217, 218

Offline Domain Join

Offline domain join is also useful when a computer is deployed in a lab or other disconnected environment.

When the computer is connected to the domain network and started for the first time, it will already be a member of the domain. This also helps to ensure that Group Policy settings are applied at the first startup. Four major steps are required to join a computer to the domain by using offline domain join:

1. Log on to a computer in the domain that is running Windows Server 2008 R2 or Windows 7 with an account that has permissions to join computers to the domain.

2. Use the DJoin command to provision a computer for offline domain join. This step prepopulates Active Directory with the information that Active Directory needs to join the computer to the domain, and exports the information, called a blob, to a text file.

3. At the offline computer that you want to join to the domain, use DJoin to import the blob into the Windows directory.

4. When you start or restart the computer, it will be a member of the domain.

Reference 2:

http://technet.microsoft.com/nl-nl/library/offline-domain-join-djoin-step-by-step.aspx

Steps for performing an offline domain join

The offline domain join process includes the following steps:

1. Run the djoin.exe /provision command to create computer account metadata for the destination computer (the computer that you want to join to the domain). As part of this command, you must specify the name of the domain that you want the computer to join.

2. Run the djoin.exe /requestODJ command to insert the computer account metadata into the Windows directory of the destination computer.

3. When you start the destination computer, either as a virtual machine or after a complete operating system installation, the computer will be joined to the domain that you specify.

QUESTION 293

You have an enterprise subordinate certification authority (CA).

You have a custom Version 3 certificate template.

Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment.

You need to ensure that the certificate template is available on the Web enrollment pages.

What should you do?

A. Run certutil.exe pulse.

B. Run certutil.exe installcert.

C. Change the certificate template to a Version 2 certificate template.

D. On the certificate template, assign the Autoenroll permission to the users.

Correct Answer: C

Explanation:

Identical to F/Q33.

Reference 1:

http://technet.microsoft.com/en-us/library/cc732517.aspx

Certificate Web enrollment cannot be used with version 3 certificate templates.

Reference 2:

http://blogs.technet.com/b/ad/archive/2008/06/30/2008-web-enrollment-and-version-3-templates.aspx

The reason for this blog post is that one of our customers called after noticing some unexpected behavior when they were trying to use the Server 2008 certificate web enrollment page to request a Version 3 Template based certificate. The problem was that no matter what they did the Version 3 Templates would not appear as certificates which could be requested via the web page. On the other hand, version 1 and 2 templates did appear in the page and requests could be done successfully using those templates.

QUESTION 294

Your network contains an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers.

You add multiple DNS records to the zone.

You need to ensure that the records are replicated to all DNS servers.

Which tool should you use?

A. Dnslint

B. Ldp

C. Nslookup

D. Repadmin

Correct Answer: D

Explanation:

To make sure that the new DNS records are replicated to all DNS servers, we can use the repadmin tool.

Reference:

http://technet.microsoft.com/en-us/library/cc811569.aspx

Forcing Replication

Sometimes it becomes necessary to forcefully replicate objects and entire partitions between domain controllers that may or may not have replication agreements.

Force a replication event with all partners

The repadmin /syncall command synchronizes a specified domain controller with all replication partners.

Syntax

repadmin /syncall <DC> [<NamingContext>] [<Flags>]

Parameters

<DC> Specifies the host name of the domain controller to synchronize with all replication partners.

<NamingContext> Specifies the distinguished name of the directory partition.

<Flags> Performs specific actions during the replication.

QUESTION 295

Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard.

The functional level of the domain is Windows Server 2003.

You have a certification authority (CA).

The relevant servers in the domain are configured as shown below:

[Exhibit image: server configuration]

You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network.

What should you do?

A. Upgrade Server1 to Windows Server 2008 R2.

B. Upgrade Server2 to Windows Server 2008 R2.

C. Raise the functional level of the domain to Windows Server 2008.

D. Install the Windows Server 2008 R2 Active Directory Schema updates.

Correct Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/dd759243.aspx

Installation requirements

Before installing the certificate enrollment Web services, ensure that your environment meets these requirements:

A host computer as a domain member running Windows Server 2008 R2.

An Active Directory forest with a Windows Server 2008 R2 schema.

An enterprise certification authority (CA) running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003.

QUESTION 296

Your network contains an Active Directory domain that contains five domain controllers.

You have a management computer that runs Windows 7.

From the Windows 7 computer, you need to view all account logon failures that occur in the domain.

The information must be consolidated on one list.

Which command should you run on each domain controller?

A. Wecutil.exe qc

B. Wevtutil.exe gli

C. Winrm.exe quickconfig

D. Winrshost.exe

Correct Answer: C

Explanation:

http://blogs.technet.com/b/jonjor/archive/2009/01/09/winrm-windows-remote-managementtroubleshooting.aspx

WinRM (Windows Remote Management) Troubleshooting

What is WinRM?

New in Windows Vista, Windows Server 2003 R2, Windows Server 2008 (and Server 2008 Core) are WinRM & WinRS. Windows Remote Management (known as WinRM) is a handy new remote management service.

WinRM is the “server” component of this remote management application and WinRS (Windows Remote Shell) is the “client” for WinRM, which runs on the remote computer attempting to remotely manage the WinRM server. However, I should note that BOTH computers must have WinRM installed and enabled on them for WinRS to work and retrieve information from the remote system.

 

How to install WinRM

The WinRM is not dependent on any other service except WinHttp. If the IIS Admin Service is installed on the same computer, you may see messages that indicate WinRM cannot be loaded before Internet Information Services (IIS). However, WinRM does not actually depend on IIS: these messages occur because the load order ensures that the IIS service starts before the HTTP service. WinRM does require that WinHTTP.dll be registered. (Stated simply: WinRM service should be set to Automatic (Delayed Start) on Windows Vista and Server 2008)

The WinRM service starts automatically on Windows Server 2008.

On Windows Vista, the service must be started manually.

How to configure WinRM

To set the default configuration type:

winrm quickconfig (or the abbreviated version, winrm qc)

'winrm qc' performs the following operations:

1. Starts the WinRM service and sets the service startup type to auto-start.

2. Configures a listener for the ports that send and receive WS-Management protocol messages using either HTTP or HTTPS on any IP address.

3. Defines ICF exceptions for the WinRM service and opens the ports for HTTP and HTTPS.

(Note: Winrm quickconfig also configures Winrs default settings)

QUESTION 297

Your network contains a single Active Directory domain. Client computers run either Windows XP Service Pack 3 (SP3) or Windows 7. All of the computer accounts for the client computers are located in an organizational unit (OU) named OU1.

You link a new Group Policy object (GPO) named GPO10 to OU1.

You need to ensure that GPO10 is applied only to client computers that run Windows 7.

What should you do?

A. Create a new OU in OU1. Move the Windows XP computer accounts to the new OU.

B. Enable block inheritance on OU1.

C. Create a WMI filter and assign the filter to GPO10.

D. Modify the permissions of OU1.

Correct Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/cc947846.aspx

To make sure that each GPO associated with a group can only be applied to computers running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each computer.

QUESTION 298

Your network contains a single Active Directory domain.

You need to create an Active Directory Domain Services snapshot.

What should you do?

A. Use the Ldp tool.

B. Use the NTDSUtil tool.

C. Use the Wbadmin tool.

D. From Windows Server Backup, perform a full backup.

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc753609.aspx

To create an AD DS or AD LDS snapshot

1. Log on to a domain controller as a member of the Enterprise Admins group or the Domain Admins group.

2. Click Start, right-click Command Prompt, and then click Run as administrator.

3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

4. At the elevated command prompt, type the following command, and then press ENTER: ntdsutil

5. At the ntdsutil prompt, type the following command, and then press ENTER: snapshot

6. At the snapshot prompt, type the following command, and then press ENTER: activate instance ntds

7. At the snapshot prompt, type the following command, and then press ENTER: create

QUESTION 299

You configure and deploy a Group Policy object (GPO) that contains AppLocker settings.

You need to identify whether a specific application file is allowed to run on a computer.

Which Windows PowerShell cmdlet should you use?

A. Get-AppLockerFileInformation

B. Get-GPOReport

C. Get-GPPermissions

D. Test-AppLockerPolicy

Correct Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/ee460960.aspx

Test-AppLockerPolicy

Tests whether the input files are allowed to run for a given user based on the specified AppLocker policy.

QUESTION 300

Your network contains 10 domain controllers that run Windows Server 2008 R2. The network contains a member server that is configured to collect all of the events that occur on the domain controllers.

You need to ensure that administrators are notified when a specific event occurs on any of the domain controllers. You want to achieve this goal by using the minimum amount of administrative effort.

What should you do?

A. From Event Viewer on the member server, create a subscription.

B. From Event Viewer on each domain controller, create a subscription.

C. From Event Viewer on the member server, run the Create Basic Task Wizard.

D. From Event Viewer on each domain controller, run the Create Basic Task Wizard.

Correct Answer: C

Explanation:

Since the member server is collecting all domain controller events, we just need to run the Create Basic Task Wizard on the member server, which enables us to send an e-mail when a specific event is logged. Running the wizard on every domain controller would work, but it is much more work, and we need to use the minimum amount of administrative effort.

Reference:

http://technet.microsoft.com/en-us/library/cc748900.aspx

To Run a Task in Response to a Given Event

1. Start Event Viewer.

2. In the console tree, navigate to the log that contains the event you want to associate with a task.

3. Right-click the event and select Attach Task to This Event.

4. Perform each step presented by the Create Basic Task Wizard.

In the Action step in the wizard you can decide to send an e-mail.
