[Free] Download New Updated (February 2016) Microsoft 70-640 Practice Tests 301-310

Ensurepass

QUESTION 301

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.

 

You mount an Active Directory snapshot.

 

You need to ensure that you can query the snapshot by using LDAP.

 

What should you do?

 

A.

Run the dsamain.exe command.

B.

Create custom views from Event Viewer.

C.

Run the ntdsutil.exe command.

D.

Configure subscriptions from Event Viewer.

E.

Run the Get-ADForest cmdlet.

F.

Create a Data Collector Set (DCS).

G.

Run the eventcreate.exe command.

H.

Configure the Active Directory Diagnostics Data Collector Set (DCS).

I.

Run the repadmin.exe command.

J.

Run the dsquery.exe command.

 

Correct Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/cc753609.aspx

The Active Directory database mounting tool (Dsamain.exe) can improve recovery processes for your organization by providing a means to compare data as it exists in snapshots that are taken at different times so that you can better decide which data to restore after data loss. This eliminates the need to restore multiple backups to compare the Active Directory data that they contain.

Requirements for using the Active Directory database mounting tool You do not need any additional software to use the Active Directory database mounting tool. All the tools that are required to use this feature are built into Windows Server 2008 and are available if you have the AD DS or the AD LDS server role installed. These tools include the following:

Dsamain.exe, which you can use to expose the snapshot data as an LDAP server

Existing LDAP tools, such as Ldp.exe and Active Directory Users and Computers

 

 

 

 

 

 

 

 

 

 

QUESTION 302

HOTSPOT

Your network contains an Active Directory domain. The domain contains a domain controller named DC1 that runs windows Server 2008 R2 Service Pack 1 (SP1).

 

You need to implement a central store for domain policy templates.

 

What should you do?

 

To answer, select the source content that should be copied to the destination folder in the answer area.

 

clip_image002

 

Correct Answer:

clip_image004

 

 

QUESTION 303

A corporate network includes a single Active Directory Domain Services (AD DS) domain and two AD DS sites.

 

The AD DS sites are named Toronto and Montreal. Each site has multiple domain controllers.

 

You need to determine which domain controller holds the Inter-Site Topology Generator role for the Toronto site.

 

What should you do?

 

A.

Use the Active Directory Sites and Services console to view the NTDS Site Settings for the Toronto site.

B.

Use the Ntdsutil tool with the roles parameter.

C.

Use the Ntdsutil tool with the LDAP policies parameter.

D.

Use the Active Directory Sites and Services console to view the properties of each domain controller in the Toronto site.

 

Correct Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/cc794776.aspx

 

Determine the ISTG Role Owner for a Site

 

The Intersite Topology Generator (ISTG) is the domain controller in each site that is responsible for generating the intersite topology. If you want to regenerate the intersite topology, you must determine the identity of the ISTG role owner in a site. You can use this procedure to view the NTDS Site Settings object properties and determine the ISTG role owner for the site.

 

To determine the ISTG role owner for a site

1. Open Active Directory Sites and Services.

2. In the console tree, click the site object whose ISTG role owner you want to determine.

3. In the details pane, right-click the NTDS Site Settings object, and then click Properties. The current role owner appears in the Server box under Inter-Site Topology Generator.

 

 

QUESTION 304

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.

 

You need to create a snapshot of Active Directory.

 

What should you do?

 

A.

Run the dsquery.exe command.

B.

Run the dsamain.exe command.

C.

Create custom views from Event Viewer.

D.

Configure subscriptions from Event Viewer.

E.

Create a Data Collector Set (DCS).

F.

Configure the Active Directory Diagnostics Data Collector Set (DCS).

G.

Run the repadmin.exe command.

H.

Run the ntdsutil.exe command.

I.

Run the Get-ADForest cmdlet.

J.

Run the eventcreate.exe command.

 

Correct Answer: H

Explanation:

http://technet.microsoft.com/en-us/library/cc753609.aspx

 

To create an AD DS or AD LDS snapshot

1. Log on to a domain controller as a member of the Enterprise Admins groups or the Domain Admins group.

2. Click Start, right-click Command Prompt, and then click Run as administrator.

3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

4. At the elevated command prompt, type the following command, and then press ENTER: ntdsutil

5. At the ntdsutil prompt, type the following command, and then press ENTER: snapshot

6. At the snapshot prompt, type the following command, and then press ENTER: activate instance ntds

7. At the snapshot prompt, type the following command, and then press ENTER: create

 

 

 

 

 

 

QUESTION 305

A company has an Active Directory forest. You plan to install an offline Enterprise root certification authority (CA) on a server named CA1. CA1 is a member of the PerimeterNetwork workgroup and is attached to a hardware security module for private key storage.

 

You attempt to add the Active Directory Certificate Services (AD CS) server role to CA1.

 

The Enterprise CA option is not available.

 

You need to install the AD CS server role as an Enterprise CA on CA1.

 

What should you do first?

 

A.

Add the DNS Server server role to CA1.

B.

Add the Web Server (IIS) server role and the AD CS server role to CA1.

C.

Add the Active Directory Lightweight Directory Services (AD LDS) server role to CA1.

D.

Join CA1 to the domain.

 

Correct Answer: D

Explanation:

Reference 1:

http://kazmierczak.eu/itblog/2012/09/23/enterprise-ca-option-is-greyed-out-unavailable/

Many times, administrators ask me what to do when installing Active Directory Certificate Services they cannot choose to install Enterprise Certification Authority, because it’s unavailable.

Well, you need to fulfill basic requirements:

1. Server machine has to be a member server (domain joined).

2. (…)

 

Reference 2:

http://social.technet.microsoft.com/Forums/en/w7itproSP/thread/34f95b81-b196-4211-9a99-a06108521268

 

 

QUESTION 306

Your network contains an Active Directory domain. The domain contains 3,000 client computers. All of the client computers run Windows 7.

 

Users log on to their client computers by using standard user accounts.

 

You plan to deploy a new application named App1.

 

The vendor of App1 provides a Setup.exe file to install App1. Setup.exe requires administrative rights to run.

 

You need to deploy App1 to all client computers. The solution must meet the following requirements:

 

App1 must automatically detect and replace corrupt application files. App1 must be available from the Start menu on each client computer.

 

What should you do first?

 

A.

Create a logon script that calls Setup.exe for App1.

B.

Create a .zap file.

C.

Create a startup script that calls Setup.exe for App1.

D.

Repackage App1 as a Windows Installer package.

 

Correct Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/cc739578.aspx

 

Windows Installer features Diagnoses and repairs corrupted applications–An application can query Windows Installer to determine whether an installed application has missing or corrupted files. If any are detected, Windows Installer repairs the application by recopying only those files found to be missing or corrupted.

 

 

QUESTION 307

Your network contains an Active Directory domain named contoso.com. Contoso.com contains a writable domain controller named DC1 and a read-only domain controller (RODC) named DC2. All domain controllers run Windows Server 2008 R2.

 

You need to install a new writable domain controller named DC3 in a remote site. The solution must minimize the amount of replication traffic that occurs during the installation of Active Directory Domain Services (AD DS) on DC3.

 

What should you do first?

 

A.

Run dcpromo.exe /createdcaccount on DC3.

B.

Run ntdsutil.exe on DC2.

C.

Run dcpromo.exe /adv on DC3.

D.

Run ntdsutil.exe on DC1.

 

Correct Answer: D

Explanation:

We can run dcpromo.exe /adv on DC3 to install a new writable domain controller using the Install From Media (IFM) option. That way there is less replication traffic. But before we can do that we have to create the installation media first. I suspect that’s what they mean when they say “What should you do first?” So first we create the installation media, then we use the installation media to install DC3.

Technet gives us instructions on how to create the installation media. It says:

“You can use the Ntdsutil.exe tool to create installation media for additional domain controllers that you are creating in a domain. By using the Install from Media (IFM) option, you can minimize the replication of directory data over the network. This helps you install additional domain controllers in remote sites more efficiently.” “You must use writeable domain controller installation media to install a writeable domain controller. You can create writeable domain controller installation media only on a writeable domain controller.”

Since DC2 in answer B is a read-only domain controller, that leaves us with answer D (“Run ntdsutil.exe on DC1”).

 

Reference 1:

http://technet.microsoft.com/en-us/library/cc770654.aspx

[Used for the information above]

[Some extra info on using IFM to install the DC:]

 

Reference 2:

http://http://technet.microsoft.com/en-us/library/cc732887.aspx

dcpromo /adv

Performs an install from media (IFM) operation.

 

Reference 3:

http://http://technet.microsoft.com/en-us/library/cc816722.aspx

Installing an Additional Domain Controller by Using IFM When you install Active Directory Domain Services (AD DS) by using the install from media (IFM) method, you can reduce the replication traffic that is initiated during the installation of an additional domain controller in an Active Directory domain. Reducing the replication traffic reduces the time that is necessary to install the additional domain controller.

 

 

QUESTION 308

A network contains an Active Directory forest. The forest contains three domains and two sites.

 

You remove the global catalog from a domain controller named DC2. DC2 is located in Site1.

 

You need to reduce the size of the Active Directory database on DC2. The solution must minimize the impact on all users in Site1.

 

What should you do first?

 

A.

On DC2, start the Protected Storage service.

B.

On DC2, stop the Active Directory Domain Services service.

C.

Start DC2 in Safe Mode.

D.

Start DC2 in Directory Services Restore Mode.

 

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc816811.aspx

 

Returning Unused Disk Space from the Active Directory Database to the File System

 

During ordinary operation, the free disk space in the Active Directory database file becomes fragmented. Each time garbage collection runs (every 12 hours, by default), free disk space is automatically defragmented online to optimize its use within the database file. The unused disk space is maintained for the database; it is not returned to the file system.

 

Only offline defragmentation can return unused disk space from the directory database to the file system.

 

When database contents have decreased considerably through a bulk deletion (for example, when you remove the global catalog from a domain controll
er), or if the size of the database backup is significantly increased as a result of the amount of free disk space, use offline defragmentation to reduce the size of the Ntds.dit file.

 

On domain controllers that are running Windows Server 2008, offline defragmentation does not require restarting the domain controller in Directory Services Restore Mode (DSRM), as is required on domain controllers that are running versions of Windows Server 2000 and Windows Server 2003. You can use a new feature in Windows Server 2008, restartable Active Directory Domain Services (AD DS), to stop the AD DS service. When the service is stopped, services that depend on AD DS shut down automatically. However, any other services that are running on the domain controller, such as Dynamic Host Configuration Protocol (DHCP), continue to run and respond to clients.

 

 

 

 

QUESTION 309

Your network contains an Active Directory domain. The domain is configured as shown in the exhibit, (Click the Exhibit button.)

 

clip_image006

 

You need to ensure that when users log on to client computers, they are added automatically to the local Administrators group.

 

The users must be removed from the group when they log off of the client computers.

 

What should you do?

 

A.

Modify the Group Policy permissions.

B.

Enable block inheritance.

C.

Configure the link order.

D.

Enable loopback processing in merge mode.

E.

Enable loopback processing in replace mode.

F.

Configure WMI filtering.

G.

Configure Restricted Groups.

H.

Configure Group Policy Preferences.

I.

Link the Group Policy object (GPO) to the Finance organizational unit (OU).

J.

Link the Group Policy object (GPO) to the Human Resources organizational unit (OU).

 

Correct Answer: H

Explanation:

http://daniel.streefkerkonline.com/managing-local-admins-using-gpp/

http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/

 

 

QUESTION 310

Your network contains an Active Directory domain named contoso.com.

 

The Active Directory sites are configured as shown in the Sites exhibit. (Click the Exhibit button.)

 

clip_image008

&nbsp
;

You need to ensure that DC1 and DC4 are the only servers that replicate Active Directory changes between the sites.

 

What should you do?

 

A.

Configure DC1 as a preferred bridgehead server for IP transport.

B.

Configure DC4 as a preferred bridgehead server for IP transport.

C.

From the DC4 server object, create a Connection object for DC1.

D.

From the DC1 server object, create a Connection object for DC4.

 

Correct Answer: B

Explanation:

MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 201
0) pages 193, 194

 

Bridgehead Servers

A bridgehead server is the domain controller designated by each site’s KCC to take control of intersite replication. The bridgehead server receives information replicated from other sites and replicates it to its site’s other domain controllers. It ensures that the greatest portion of replication occurs within sites rather than between them.

 

In most cases, the KCC automatically decides which domain controller acts as the bridgehead server.

 

However, you can use Active Directory Sites and Services to specify which domain controller will be the preferred bridgehead server by using the following steps:

 

1. In Active Directory Sites and Services, expand the site in which you want to specify the preferred bridgehead server.

2. Expand the Servers folder to locate the desired server, right-click it, and then choose Properties.

3. From the list labeled Transports available for intersite data transfer, select the protocol(s) for which you want to designate this server as a preferred bridgehead server and then click Add.

 

Original explanation:

 

Please Check Answer

Connections. The KCC creates connections that enable domain controllers to replicate with each other. A connection defines a one-way, inbound route from one domain controller, the source, to another domain controller, the destination. The KCC reuses existing connections where it can, deletes unused connections, and creates new connections if none exist that meet the current need. Bridgehead Servers. To communicate across site links, the KCC automatically designates a single server, called the bridgehead server, in each site to perform site-to-site replication. Subsequent replication occurs by replication within a site. When site links are established, authorized administrators can designate the bridgehead servers that they want to receive replication between sites. By designating a specific server to receive replication between sites, rather than using any available server, authorized administrators can specify the most beneficial conditions for the connection between sites. Bridgehead servers ensure that most replication occurs within sites rather than between sites.

 

http://technet.microsoft.com/library/dd277429.aspx

 

Free VCE & PDF File for Microsoft 70-640 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…