[Free] Download New Updated (February 2016) Microsoft 70-640 Practice Tests 311-320

Ensurepass

QUESTION 311

Your network contains a server that has the Active Directory Lightweight Directory Services (AD LDS) role installed.

 

You need to perform an automated installation of an AD LDS instance.

 

Which tool should you use?

 

A.

Dism.exe

B.

Servermanagercmd.exe

C.

Adaminstall.exe

D.

Ocsetup.exe

 

Correct Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/cc816774.aspx

 

To perform an unattended install of an AD LDS instance

1. Create a new text file by using any text editor.

2. Specify the installation parameters.

3. At a command prompt (or in a batch or script file), change to the drive and directory that contains the AD LDS setup files.

4. At the command prompt, type the following command, and then press ENTER:

%systemroot%ADAMadaminstall.exe /answer:drive:<pathname><filename>.txt”

 

 

 

 

 

QUESTION 312

Your network contains an Active Directory forest. The forest contains 10 domains. All domain controllers are configured as global catalog servers.

 

You remove the global catalog role from a domain controller named DC5.

 

You need to reclaim the hard disk space used by the global catalog on DC5.

 

What should you do?

 

A.

From Active Directory Sites and Services, run the Knowledge Consistency Checker (KCC).

B.

From Active Directory Sites and Services, modify the general properties of DC5.

C.

From Ntdsutil, use the Semantic database analysis option.

D.

From Ntdsutil, use the Files option.

 

Correct Answer: D

Explanation:

Reference 1:

http://http://technet.microsoft.com/en-us/library/cc816618.aspx

Database defragmentation

In cases in which the data decreases significantly, such as when the global catalog is removed from a domain controller, free disk space is not automatically returned to the file system. Although this condition does not affect database operation, it does result in large amounts of free disk space in the database. To decrease the size of the database
file by returning free disk space from the database file to the file system, you can perform an offline defragmentation of the database. Whereas online defragmentation occurs automatically while AD DS is running, offline defragmentation requires taking the domain controller offline and using the Ntdsutil.exe command-line tool to perform the procedure.

Reference 2:

http://technet.microsoft.com/en-us/library/cc794920.aspx

To perform offline defragmentation of the directory database

1. Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide credentials, if required, and then click Continue.

2. At the command prompt, type the following command, and then press ENTER: net stop ntds

3. Type Y to agree to stop additional services, and then press ENTER.

4. At the command prompt, type ntdsutil, and then press ENTER.

5. At the ntdsutil prompt, type activate instance ntds, and then press ENTER.

6. At the ntdsutil prompt, type files, and then press ENTER.

 

 

QUESTION 313

Your network contains an Active Directory forest. The forest contains one domain named contoso.com.

 

You attempt to create a new child domain and you receive the following error message:

 

“An LDAP read of operational attributes failed.”

 

You need to ensure that you can add a new child domain to the forest.

 

What should you do?

 

A.

Move the PDC emulator role.

B.

Move the RID master role.

C.

Move the infrastructure master role.

D.

Move the schema master role.

E.

Move the domain naming master role.

F.

Move the global catalog server.

G.

Move the bridgehead server.

H.

Install a read-only domain controller (RODC).

I.

Deploy an additional global catalog server.

J.

Restart the Active Directory Domain Services (AD DS) service.

 

Correct Answer: E

Explanation:

This message appears when the domain naming master is unavailable. It needs to be moved to another domain controller to resolve this.

 

Reference:

http://technet.microsoft.com/en-us/library/bb727058.aspx

 

Troubleshooting Active Directory Installation Wizard Problems

 

Symptom or Error

 

An LDAP read of operational attributes failed.

 

Root Cause

The domain naming master for the forest is offline or cannot be contacted.

 

Solution Make the current domain naming master accessible. If necessary, see “Seizing Operations Master Roles” in this guide.

 

 

QUESTION 314

You create a standard primary zone for contoso.com.

 

You need to specify a user named Admin1 as the person responsible for managing the zone.

 

What should you do? (Each correct answer presents a complete solution. Choose two.)

 

A.

Open the %SystemrootSystem32DNSContoso.com.dns file by using Notepad and change all instances of “hostmaster.contoso.com” to “admin1.contoso.com”.

B.

From DNS Manager, open the properties of the Start of Authority (SOA) record ofcontoso.com, Specify admin1.contoso.com as the responsible person.

C.

Open the %SystemrootSystem32DNSContoso.com.dns file by using Notepad and change all instances of “hostmaster@contoso.com” to “admin1@contoso.com”.

D.

From DNS Manager, open the properties of the Start of Authority (SOA) record ofcontoso.com.Specify admin1@contoso.com as the responsible person.

 

Correct Answer: AB

Explanation:

Reference 1:

http://technet.microsoft.com/en-us/library/cc816941.aspx

 

To modify the start of authority (SOA) resource record for a zone using the Windows interface

1. Open DNS Manager.

2. In the console tree, right-click the applicable zone, and then click Properties.

3. Click the Start of Authority (SOA) tab.

4. As needed, modify properties for the start of authority (SOA) resource record.

5. Click OK to save the modified properties.

 

Reference 2:

http://technet.microsoft.com/en-us/library/dd197495.aspx

The SOA resource record contains the following information:

SOA resource record fields

Responsible person The e-mail address of the person responsible for administering the zone. A period (.) is used instead of an at sign (@) in this e-mail name.

(…)

 

 

QUESTION 315

Your network contains an Active Directory forest named fabrikam.com. The forest contains the following domains:

 

clip_image002Fabrikam.com

clip_image002[1]Eu.fabrikam.com

clip_image002[2]Na.fabrikam.com

clip_image002[3]Eu.contoso.com

clip_image002[4]Na.contoso.com

 

You need to configure the forest to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix of contoso.com when they create user accounts from Active Directory Users and Computers.

 

Which tool should you use?

 

A.

Active Directory Sites and Services

B.

Set-ADDomain

C.

Set-ADForest

D.

Active Directory Administrative Center

 

Correct Answer: C

Explanation:

We would use the following command to achieve this:

Set-ADForest -UPNSuffixes @{Add=”contoso.com”}

 

Reference 1:

http://technet.microsoft.com/en-us/library/dd391925.aspx

 

Creating a UPN Suffix for a Forest

This topic explains how to use the Active Directory module for Windows PowerShell to create a new user principal name (UPN) suffix for the users in a forest. Creating an additional UPN suffix helps simplify the names that are used to log on to another domain in the forest.

 

Example

The following example demonstrates how to create a new UPN suffix for the users in the Fabrikam.com forest:

Set-ADForest -UPNSuffixes @{Add=”headquarters.fabrikam.com”}

 

Reference 2

http://technet.microsoft.com/en-us/library/ee617221.aspx

Set-ADForest Modifies an Active Directory forest.

Parameter

UPNSuffixes

Modifies the list of user principal name (UPN) suffixes of the forest. This parameter sets the multi-valued msDS-UPNSuffixes property of the cross-reference container. This parameter uses the following syntax to add remove, replace, or clear UPN suffix values.

 

Syntax:

To add values:

-UPNSuffixes @{Add=value1,value2,…}

 

 

QUESTION 316

A domain controller named DC4 runs Windows Server 2008 R2. DC4 is configured as a DNS server for fabrikam.com.

 

You install the DNS Server server role on a member server named DNS1 and then you create a standard secondary zone for fabrikam.com. You configure DC4 as the master server for the zone.

 

You need to ensure that DNS1 receives zone updates from DC4.

 

What should you do?

 

A.

Add the DNS1 computer account to the DNSUpdateProxy group.

B.

On DC4, modify the permissions offabrikam.com zone.

C.

On DNS1, add a conditional forwarder.

D.

On DC4, modify the zone transfer settings for the fabrikam.com zone.

 

Correct Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/cc771652.aspx

 

Modify Zone Transfer Settings

You can use the following procedure to control whether a zone will be transferred to other servers and which servers can receive the zone transfer.

 

To modify zone transfer settings using the Windows interface

 

1. Open DNS Manager.

2. Right-click a DNS zone, and then click Properties.

3. On the Zone Transfers tab, do one of the following:

 

To disable zone transfers, clear the Allow zone transfers check box.

 

To allow zone transfers, select the Allow zone transfers check box.

 

4. If you allowed zone transfers, do one of the following:

 

To allow zone transfers to any server, click To any server.

 

To allow zone transfers only to the DNS servers that are listed on the Name Servers tab, click Only to servers listed on the Name Servers tab.

 

To allow zone transfers only to specific DNS servers, click Only to the following servers, and then add the IP address of one or more DNS servers.

QUESTION 317

A corporate network includes an Active Directory-integrated zone. All DNS servers that host the zone are domain controllers.

 

You add multiple DNS records to the zone.

 

You need to ensure that the new records are available on all DNS servers as soon as possible.

 

Which tool should you use?

 

A.

Ldp

B.

Repadmin

C.

Ntdsutil

D.

Nslookup

E.

Active Directory Sites And Services console

F.

Active Directory Domains And Trusts console

G.

Dnslint

H.

Dnscmd

 

Correct Answer: B

Explanation:

To make sure that the new DNS records are replicated to all DNS servers we can use the repadmin tool.

Reference:

 

http://technet.microsoft.com/en-us/library/cc811569.aspx

 

Forcing Replication

Sometimes it becomes necessary to forcefully replicate objects and entire partitions between domain controllers that may or may not have replication agreements.

 

Force a replication event with all partners

 

The repadmin /syncall command synchronizes a specified domain controller with all replication partners.

 

Syntax

 

repadmin /syncall <DC> [<NamingContext>] [<Flags>]

 

Parameters

 

<DC>

 

Specifies the host name of the domain controller to synchronize with all replication partners.

 

<NamingContext>

 

Specifies the distinguished name of the directory partition.

 

<Flags>

 

Performs specific actions during the replication.

 

 

QUESTION 318

Your network contains two forests named adatum.com and litwareinc.com. The functional level of all the domains is Windows Server 2003. The functional level of both forests is Windows 2000.

 

You need to create a forest trust between adatum.com and litwareinc.com.

 

What should you do first?

 

A.

Create an external trust.

B.

Raise the functional level of both forests.

C.

Configure SID filtering.

D.

Raise the functional level of all the domains.

 

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc771397.aspx

 

When to create a forest trust

You can create a forest trust between forest root domains if the forest functional level is Windows Server 2003 or higher.

 

 

QUESTION 319

Your network contains an Active Directory domain named contoso.com.

 

You have an organizational unit (OU) named Sales and an OU named Engineering.

 

You have a Group Policy object (GPO) linked to the domain.

 

You need to ensure that the settings in the GPO are not processed by user accounts or computer accounts in the Sales OU. You must achieve this goal by using the minimum amount of administrative effort.

 

What should you do?

 

A.

Modify the Group Policy permissions.

B.

Enable block inheritance.

C.

Configure the link order.

D.

Enable loopback processing in merge mode.

E.

Enable loopback processing in replace mode.

F.

Configure WMI filtering.

G.

Configure Restricted Groups.

H.

Configure Group Policy Preferences.

I.

Link the GPO to the Sales OU.

J.

Link the GPO to the Engineering OU.

 

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc731076.aspx

 

Block Inheritance You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.

 

QUESTION 320

Your network contains a single Active Directory domain. The domain contains an enterprise certification authority (CA).

 

You need to ensure that the encryption keys for e-mail certificates can be recovered from the CA database.

 

You modify the e-mail certificate template to support key archival.

 

What should you do next?

 

A.

Issue the key recovery agent certificate template.

B.

Run certutil.exe -recoverkey.

C.

Run certreq.exe-policy.

D.

Modify the location of the Authority Information Access (AIA) distribution point.

 

Correct Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/cc770588.aspx

 

Identify a Key Recovery Agent

 

A key recovery agent is a person who is authorized to recover a certificate on behalf of an end user. Because the role of key recovery agents can involve sensitive data, only highly trusted individuals should be assigned to this role.

 

To identify a key recovery agent, you must configure the Key Recovery Agent certificate template to allow the person assigned to this role to enroll for a key recovery agent certificate.

 

Free VCE & PDF File for Microsoft 70-640 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…