[Free] Download New Updated (February 2016) Microsoft 70-640 Practice Tests 341-350

Ensurepass

QUESTION 341

Your network contains two Active Directory forests named contoso.com and nwtraders.com. The functional level of both forests is Windows Server 2003. Contoso.com contains one domain. Nwtraders.com contains two domains.

 

You need to ensure that users in contoso.com can access the resources in all domains. The solution must require the minimum number of trusts.

 

Which type of trust should you create?

 

A. external

B. forest

C. realm

D. shortcut

 

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc771397.aspx

 

When to create a forest trust

You can create a forest trust between forest root domains if the forest functional level is Windows Server 2003 or higher. Creating a forest trust between two root domains with a forest functional level of Windows Server 2003 or higher provides a one-way or two-way, transitive trust relationship between every domain in each forest. Forest trusts are useful for application service providers, organizations undergoing mergers or acquisitions, collaborative business extranets, and organizations seeking a solution for administrative autonomy.

 

 

QUESTION 342

You have a DNS zone that is stored in a custom application partition.

 

You need to add a domain controller to the replication scope of the custom application partition.

 

Which tool should you use?

 

A. DNScmd

B. DNS Manager

C. Server Manager

D. Dsmod

 

Correct Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/cc753801.aspx

 

After you create a Domain Name System (DNS) application directory partition to store a zone, you must enlist the DNS server that hosts the zone in the application directory partition.

 

To enlist a DNS server in a DNS application directory partition

1. Open a command prompt.

2. Type the following command, and then press ENTER: dnscmd <ServerName> /EnlistDirectoryPartition <FQDN>

 

QUESTION 343

Your network contains an Active Directory forest. All client computers run Windows 7.

 

The network contains a high-volume enterprise certification authority (CA).

 

You need to minimize the amount of network bandwidth required to validate a certificate.

 

What should you do?

 

A. Configure an LDAP publishing point for the certificate revocation list (CRL).

B. Configure an Online Certification Status Protocol (OCSP) responder.

C. Modify the settings of the delta certificate revocation list (CRL).

D. Replicate the certificate revocation list (CRL) by using Distributed File System (DFS).

 

Correct Answer: B

Explanation:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) page 779

 

Online responder

 

This service is designed to respond to specific certificate validation requests through the Online Certificate Status Protocol (OCSP). Using an online responder (OR), the system relying on PKI does not need to obtain a full CRL and can submit a validation request for a specific certificate. The online responder decodes the validation request and determines whether the certificate is valid. When it determines the status of the requested certificate, it sends back an encrypted response containing the information to the requester. Using online responders is much faster and more efficient than using CRLs. AD CS includes online responders as a new feature in Windows Server 2008 R2.

 

 

QUESTION 344

You create a user account template for the marketing department.

 

When you copy the user account template, you discover that the Web page attribute is not copied.

 

You need to preserve the Web page attribute when you copy the user account template.

 

What should you do?

 

A. From Active Directory Administrative Center, modify the value of the wWWHomePage attribute for the user account template.

B. From the Active Directory Schema snap-in, modify the properties of the user class.

C. From Active Directory Users and Computers, modify the value of the wWWHomePage attribute for the user account template.

D. From ADSI Edit, modify the properties of the wWWHomePage attribute.

 

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc771231.aspx

 

You can modify which default attributes are carried over to a newly copied user or specify additional attributes that will be copied to the new user. To do this, open the Active Directory Schema snap-in, view the desired attribute properties, and select (or clear) the Attribute is copied when duplicating user check box. You can modify or add only the attributes that are instances of the user class.

 

 

QUESTION 345

Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.

 

The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone.

 

You install a new domain controller named DC2 in the branch office. You install DNS on DC2.

 

You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails.

 

What should you do?

 

A. Create a new secondary zone named ad.contoso.com on DC2.

B. Create a new stub zone named ad.contoso.com on DC2.

C. Configure the DNS server on DC2 to forward requests to DC1.

D. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.

 

Correct Answer: D

Explanation:

Three answers don’t make sense, leaving us with the one that works.

Create a new secondary zone named ad.contoso.com on DC2. This would create a read-only zone, so it couldn’t be updated.

Create a new stub zone named ad.contoso.com on DC2. This stub zone would contain source information about authoritative name servers for its zone only, being DC1, but that one would be unavailable if the WAN link fails.

Configure the DNS server on DC2 to forward requests to DC1. This doesn’t help if the WAN link fails and DC1 is unavailable.

 

 

QUESTION 346

Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and child.contoso.com. All domain controllers run Windows Server 2008. All forest-wide operations master roles are in child.contoso.com.

 

An administrator successfully runs adprep.exe /forestprep from the Windows Server 2008 R2 Service Pack 1 (SP1) installation media.

 

You plan to run adprep.exe /domainprep in each domain.

 

You need to ensure that you have the required user rights to run the command successfully in each domain.

 

Of which groups should you be a member? (Each correct answer presents part of the solution. Choose two.)

 

A. Administrators in child.contoso.com

B. Enterprise Admins in contoso.com

C. Domain Admins in child.contoso.com

D. Domain Admins in contoso.com

E. Administrators in contoso.com

F. Schema Admins in contoso.com

 

Correct Answer: CD

Explanation:

http://technet.microsoft.com/de-de/library/cc731728.aspx

 

Adprep /domainprep

Prepares a domain for the introduction of a domain controller that runs Windows Server 2008. You run this command after the forestprep command finishes and after the changes replicate to all the domain controllers in the forest.

 

Run this command in each domain where you plan to add a domain controller that runs Windows Server 2008.

 

You must run this command on the domain controller that holds the infrastructure operations master role for the domain. You must be a member of the Domain Admins group to run this command.

 

 

QUESTION 347

You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1.

 

You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS.

 

Which protocol should you allow on Server1?

 

A. Kerberos

B. SSL

C. SMB

D. RPC

 

Correct Answer: B

Explanation:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) page 903

AD FS relies on secure HTTP communications by using SSL authentication certificates to verify the identity of both the server and the client during communications. Because of this, all communications occur through port 443 over HTTPS.

 

QUESTION 348

Your network contains an Active Directory domain named contoso.com.

 

Contoso.com contains a server named Server2.

 

You open the System properties on Server2 as shown in the exhibit. (Click the Exhibit button.)

 


 

When you attempt to configure Server2 as an enterprise subordinate certification authority (CA), you discover that the enterprise subordinate CA option is unavailable.

 

You need to configure Server2 as an enterprise subordinate CA.

 

What should you do first?

 

A. Upgrade Server2 to Windows Server 2008 R2 Enterprise.

B. Log in as an administrator and run Server Manager.

C. Import the root CA certificate.

D. Join Server2 to the domain.

 

Correct Answer: D

Explanation:

http://social.technet.microsoft.com/Forums/nl-BE/winserversecurity/thread/1a1172c6-abdb-4c5a-8a7cea254de5dada

 

 

QUESTION 349

Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. The forest contains a single domain.

 

You need to ensure that objects can be restored from the Active Directory Recycle Bin.

 

Which tool should you use?

 

A. Ntdsutil

B. Set-ADDomain

C. Dsamain

D. Enable-ADOptionalFeature

 

Correct Answer: D

Explanation:

Similar question to question E/Q28

 

Reference:

http://technet.microsoft.com/en-us/library/dd379481.aspx

 

Enabling Active Directory Recycle Bin

 

After the forest functional level of your environment is set to Windows Server 2008 R2, you can enable Active Directory Recycle Bin by using the following methods:

 

Enable-ADOptionalFeature Active Directory module cmdlet (This is the recommended method.)

 

Ldp.exe

 

 

QUESTION 350

Your network contains an Active Directory domain named contoso.com. Contoso.com contains two sites named Site1 and Site2. Site1 contains a domain controller named DC1.

 

In Site1, you install a new domain controller named DC2. You ship DC2 to Site2.

 

You discover that certain users in Site2 authenticate to DC1.

 

You need to ensure that the users in Site2 always attempt to authenticate to DC2 first.

 

What should you do?

 

A. From Active Directory Users and Computers, modify the Location settings of the DC2 computer object.

B. From Active Directory Sites and Services, modify the Location attribute for Site2.

C. From Active Directory Sites and Services, move the DC2 server object.

D. From Active Directory Users and Computers, move the DC2 computer object.

 

Correct Answer: C

Explanation:

DC2 may be shipped to Site2, but it’s not yet associated properly with Site2 in Active Directory.

 

Reference1:

http://technet.microsoft.com/en-us/library/cc816674.aspx

To move a server object to a new site

1. Open Active Directory Sites and Services.

2. In the console tree, expand Sites and the site in which the server object resides.

3. Expand Servers to display the domain controllers that are currently configured for that site.

4. Right-click the server object that you want to move, and then click Move.

5. In Site Name, click the destination site, and then click OK.

6. Expand the site object to which you moved the server, and then expand the Servers container.

7. Verify that an object for the server that you moved exists.

8. Expand the server object, and verify that an NTDS Settings object exists.

 

Reference2:

http://technet.microsoft.com/en-us/library/cc754697.aspx

Using sites

Sites help facilitate several activities, including:

(…)

Authentication. Site information helps make authentication faster and more efficient. When a client logs on to a domain, it first requests a domain controller in its local site for authentication. By establishing sites, you can ensure that clients use domain controllers that are nearest to them for authentication, which reduces authentication latency and traffic on wide area network (WAN) connections.

 
