[Free] Download New Updated (February 2016) Microsoft 70-640 Practice Tests 411-420

Ensurepass

QUESTION 411

A corporate network includes an Active Directory Domain Services (AD DS) forest that contains two domains. All servers run Windows Server 2008 R2. All domain controllers are configured as DNS servers.

 

A standard primary zone for dev.contoso.com is stored on a member server.

 

You need to ensure that all domain controllers can resolve names from the dev.contoso.com zone.

 

What should you do?

 

A.

On one domain controller, create a secondary zone.

B.

On the member server, create a secondary zone.

C.

On each domain controller, create a secondary zone.

D.

On one domain controller, create a conditional forwarder. Configure the conditional forwarder to replicate to all DNS servers in the domain.

 

Correct Answer: C

 

 

QUESTION 412

Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. You have four Active Directory sites. Each site has multiple Active Directory subnets.

 

You need to identify all of the authentication requests that originate from client computers that are not associated to an Active Directory subnet.

 

What should you use?

 

A.

The System log

B.

The %Systemroot%DebugNetsetup.log log file

C.

The Authentication User Interface operational log

D.

The %Systemroot%SecurityLogsWinlogon.log log file

 

Correct Answer: B

 

 

QUESTION 413

DRAG DROP

Your company has two domain controllers named DC1 and DC2. DC1 hosts all domain and forest operations master roles. DC1 fails.

 

You need to rebuild DC1 by reinstalling the operating system. You also need to rollback all operations master roles to their original state.

 

You perform a metadata cleanup and remove all references of DC1.

 

Which three actions should you perform next?

 

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 

clip_image002

 

Correct Answer:

clip_image004

 

 

 

 

 

 

 

QUESTION 414

Your network contains an Active Directory forest named contoso.com. The forest contains six domains.

 

You need to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix of litwareinc.com when they create user accounts by using Active Directory Users and Computers.

 

Which tool should you use?

 

A.

Set-ADAccountControl

B.

Active Directory Domains and Trusts

C.

Set-ADDomain

D.

Active Directory Users and Computers

 

Correct Answer: C

 

 

QUESTION 415

Your network contains an Active Directory domain.

 

You need to activate the Active Directory Recycle Bin in the domain.

 

Which tool should you use?

 

A.

Dsamain

B.

Set-ADDomain

C.

Add-WindowsFeature

D.

Ldp

 

Correct Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/dd379481.aspx

 

Enabling Active Directory Recycle Bin

After the forest functional level of your environment is set to Windows Server 2008 R2, you can enable Active Directory Recycle Bin by using the following methods:

 

Enable-ADOptionalFeature Active Directory module cmdlet (This is the recommended method.)

 

Ldp.exe

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 416

HOTSPOT

Your network contains two Active Directory forests named contoso.com and fabrikam.com. The contoso.com forest contains a server named Server1l that has the Certification Authority role service installed.

 

You need to ensure that Windows 7 client computers in the fabrikam.com forest can enroll for certificates from Server1. The solution must minimize the number of role services installed on Server1.

 

Which additional role service or role services should you install?

 

To answer, select the appropriate role service or role services in the answer area.

 

clip_image006

 

Correct Answer:

clip_image008

 

 

QUESTION 417

Your network contains an Active Directory forest named contoso.com. The functional level of the forest is Windows Server 2008 R2. The DNS zone for contoso.com is Active Directory-integrated.

 

You deploy a read-only domain controller (RODC) named RODC1.

 

You install the DNS Server server role on RODC1.

 

You discover that RODC1 does not have any application directory partitions.

 

You need to ensure that RODC1 has a directory partition of contoso.com.

 

What should you do?

 

A.

From DNS Manager, create secondary zones.

B.

Run Dnscmd.exe, and specify the /enlistdirectorypartition parameter.

C.

From DNS Manager, right-click RODC1 and click Update Server Data Files.

D.

Run Dnscmd.exe and specify the /createbuiltindirectorypartitions parameter.

 

Correct Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc742490.aspx

 

RODC Post-Installation Configuration

If you install DNS server after the AD DS installation, you must also enlist the RODC in the DNS application directory partitions. The RODC is not enlisted automatically in the DNS application directory partitions by design because it is a privileged operation. If the RODC were allowed to enlist itself, it would have permissions to add or remove other DNS servers that are enlisted in the application directory partitions.

 

To enlist a DNS server in a DNS application directory partition

1. Open an elevated command prompt.

2. At the command prompt, type the following command, and then press ENTER:

dnscmd<ServerName> /EnlistDirectoryPartition <FQDN>

 

For example, to enlist RODC01 in the domain-wide DNS application directory partition in a domain named child.contoso.com, type the following command:

 

dnscmd RODC01 /EnlistDirectoryPartition DomainDNSZones.child.contoso.com

 

 

QUESTION 418

Your network contains an Active Directory domain named contoso.com.

 

You need to create a script that runs the Best Practices Analyzer (BPA) each week for all of the server roles that BPA supports on each domain controller.

 

You must achieve this goal by using the minimum amount of administrative effort.

 

Which tools should you use? (Each correct answer presents part of the solution. Choose three.)

 

A.

Get-Troubleshooting Pack / Invoke-Troubleshooting Pack.

B.

Import-Module Best Practices.

C.

Get-BPA Model / Invoke-BPA Model.

D.

Import-Module Troubleshooting Pack.

E.

Get- BPA Result.

 

Correct Answer: BCE

Explanation:

Reference 1:

http://technet.microsoft.com/en-us/library/dd759206.aspx

To scan all roles by using Windows PowerShell cmdlets

1. Open a Windows PowerShell session with elevated user rights.

2. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press ENTER. Import-Module ServerManager

3. Import the BPA module. Type the following, and then press Enter. Import-Module BestPractices

4. Pipe all roles for which BPA scans can be performed into the Invoke-BPAModel cmdlet to start scans.

Get-BPAModel | Invoke-BPAModel

Reference 2:

http://technet.microsoft.com/en-us/library/ee617286.aspx

Get-BpaResult The Get-BPAResult cmdlet allows you to retrieve and view the results of the most recent Best Practices Analyzer (BPA) scan for a specific model.

 

 

 

 

 

 

 

 

 

 

 

QUESTION 419

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 and a domain controller named DC1.

 

On Server1, you configure a collector-initiated subscription for the Application log of DC1. The subscription is configured to collect all events.

 

After several days, you discover that Server1 failed to collect any events from DC1, although there are more than 100 new events in the Application log of DC1.

 

You need to ensure that Server1 collects events from DC1.

 

What should you do?

 

A.

On Server1, run wecutil quick-config.

B.

On Server1, run winrm quickconfig.

C.

On DC1, run wecutil quick-config.

D.

On DC1, run winrm quickconfig.

 

Correct Answer: D

Explanation:

Since the subscription has been created, wecutil quick-config has already run on Server1. Only thing left is to configure DC1 to forward the events, using winrm quickconfig.

 

Reference1:

Mastering Windows Server 2008 R2 (Sybex, 2010) page 773 Windows event Collector Service

The first time you select the Subscriptions node of Event Viewer or the Subscription tab of any log, a dialog box will appear stating that the Windows Event Collector Service must be running and configured. It then asks whether you want to start and configure the service. If you click Yes, it starts the service and changes the startup type from Manual to Automatic (Delayed Start), causing it to start each time Windows starts.

 

Reference 2:

http://technet.microsoft.com/en-us/library/cc748890.aspx

To configure computers in a domain to forward and collect events

1. Log on to all collector and source computers. It is a best practice to use a domain account with administrative privileges.

2. On each source computer, type the following at an elevated command prompt: winrm quickconfig

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 420

DRAG DROP

Your network contains an Active Directory forest named contoso.com. You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster.

 

What should you do?

 

To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.

 

clip_image010

 

Correct Answer:

clip_image012

 

Free VCE & PDF File for Microsoft 70-640 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…