[Free] Download New Updated (February 2016) Microsoft 70-640 Practice Tests 421-430

Ensurepass

QUESTION 421

HOTSPOT

Your network contains an Active Directory domain named contoso.com.

 

You need to ensure that IP addresses can be resolved to fully qualified domain names (FQDNs).

 

Under which node in the DNS snap-in should you add a zone?

 

To answer, select the appropriate node in the answer area.

 

clip_image002

 

Correct Answer:

clip_image004

 

 

QUESTION 422

A corporate network includes a single Active Directory Domain Services (AD D5) domain. The domain contains 10 domain controllers. The domain controllers run Windows Server 2008 R2 and are configured as DNS servers.

 

You plan to create an Active Directory-integrated zone.

 

You need to ensure that the new zone is replicated to only four of the domain controllers.

 

What should you do first?

 

A.

Create a new delegation in the ForestDnsZones application directory partition.

B.

Create a new delegation in the DomainDnsZones application directory partition.

C.

Use the dnscmd tool with the /zoneadd parameter.

D.

Use the ntdsutil tool to add a naming context.

 

Correct Answer: D

 

 

QUESTION 423

Your network contains an Active Directory domain. The domain is configured as shown in the exhibit. (Click the Exhibit button.)

 

clip_image005

 

You have two Group Policy objects (GPOs) named GPO1 and GPO2. GPO1 and GPO2 are linked to the Finance organizational unit (OU) and contain multiple settings.

 

You discover that GPO2 has a setting that conflicts with a setting in GPO1. When the policies are applied, the setting in GPO2 takes effect.

 

You need to ensure that the settings in GPO1 supersede the settings in GPO2. The solution must ensure that all non-conflicting settings in both GPOs are applied.

 

What should you do?

 

A.

Modify the Group Policy permissions.

B.

Enable block inheritance.

C.

Configure the link order.

D.

Enable loopback processing in merge mode.

E.

Enable loopback processing in replace mode.

F.

Configure WMI filtering.

G.

Configure Restricted Groups.

H.

Configure Group Policy Preferences.

I.

Link the GPO to the Finance OU.

J.

Link the GPO to the Human Resources OU.

 

Correct Answer: C

 

 

QUESTION 424

Your network contains an Active Directory domain named contoso.com. The domain has one Active Directory site.

 

The domain contains an organizational unit (OU) named 0U1. OU1 contains user accounts for 100 users and their managers.

 

You apply a Group Policy object (GPO) named GPO1 to OU1. GPO1 restricts several desktop settings.

 

The managers request that the desktop settings not be applied to them.

 

You need to prevent the desktop settings in GPO1 from being applied to the managers. All other users in OU1 must have GPO1 applied to them.

 

What should you do?

 

A.

Link GPO1 to the site and remove the link for GPO1 from OU1.

B.

Move the managers to a child OU of OU1 and block inheritance on the child OU.

C.

Configure the permissions on OU1.

D.

Disable the computer configurations of GPO1.

 

Correct Answer: B

 

 

QUESTION 425

DRAG DROP

ABC.com has an Active Directory forest on a single domain. The domain operates Windows Server 2008. A new administrator accidentally deletes the entire organizational unit in the Active Directory database that hosts 6000 objects.

 

You have backed up the system state data using third-party backup software. To restore backup, you start the domain controller in the Directory Services Restore Mode (DSRM).

 

You need to perform an authoritative restore of the organizational unit and restore the domain controller to its original state.

 

Which three actions should you perform?

 

clip_image007

 

Correct Answer:

clip_image009

 

 

QUESTION 426

HOTSPOT

Your network contains an Active Directory forest named contoso.com. All client computers run Windows 7 Enterprise.

 

You need automatically to create a local group named PowerManagers on each client computer that contains a battery. The solution must minimize the amount of administrative effort.

 

Which node in Group Policy Management Editor should you use?

 

To answer, select the appropriate node in the answer area.

 

clip_image011

 

Correct Answer:

clip_image013

 

 

QUESTION 427

Your network contains an Active Directory forest. The forest contains one domain named contoso.com.

 

You attempt to run adprep /forestprep and the operation fails.

 

You discover that the first domain controller deployed to the forest failed.

 

You need to run adprep /forestprep successfully.

 

What should you do?

 

A.

Move the PDC emulator role.

B.

Move the RID master role.

C.

Move the infrastructure master role.

D.

Move the schema master role.

E.

Move the global catalog server.

F.

Move the bridgehead server.

G.

Install a read-only domain controller (RODC).

H.

Deploy an additional global catalog server.

I.

Restart the Active Directory Domain Services (AD DS) service.

 

Correct Answer: D

 

 

QUESTION 428

Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2008 R2 Enterprise. All client computers run Windows 7 Professional.

 

The network contains an enterprise certification authority (CA).

 

You enable key archival on the CA. The CA is configured to use custom certificate templates for Encrypted File System (EFS) certificates.

 

All users plan to encrypt files by using EFS.

 

You need to ensure that the private keys for all new EFS certificates are archived.

Which snap-in should you use?

 

A.

Share and Storage Management

B.

Security Configuration wizard

C.

Enterprise PKI

D.

Active Directory Administrative Center

E.

Certification Authority

F.

Group Policy Management

G.

Certificate Templates

H.

Authorization Manager

I.

Certificates

 

Correct Answer: G

Explanation:

http://technet.microsoft.com/en-us/library/cc753826.aspx

 

Configure a Certificate Template for Key Archival

 

The key archival process takes place when a certificate is issued. Therefore, a certificate template must be modified to archive keys before any certificates are issued based on this template.

 

Key archival is strongly recommended for use with the Basic Encrypting File System (EFS) certificate template in order to protect users from data loss, but it can also be useful when applied to other types of certificates.

 

To configure a certificate template for key archival and recovery

1. Open the Certificate Templates snap-in.

2. In the details pane, right-click the certificate template that you want to change, and then click Duplicate Template.

3. In the Duplicate Template dialog box, click Windows Server 2003 Enterprise unless all of your certification authorities (CAs) and client computers are running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

4. In Template, type a new template display name, and then modify any other optional properties as needed.

5. On the Security tab, click Add, type the name of the users or groups you want to issue the certificates to, and then click OK.

6. Under Group or user names, select the user or group names that you just added. Under Permissions, select the Read and Enroll check boxes, and if you want to automatically issue the certificate, also select the Autoenroll check box.

7. On the Request Handling tab, select the Archive subject’s encryption private key check box.

 

 

QUESTION 429

A corporate network contains a Windows Server 2008 R2 Active Directory forest.

 

You need to add a User Principle Name (UPN) suffix to the forest.

 

What tool should you use?

 

A.

Dsmgmt.

B.

Active Directory Domains and Trusts console.

C.

Active Directory Users and Computers console.

D.

Active Directory Sites and Services console.

Correct Answer: B

Explanation:

http://www.kassapoglou.com/windows-server-2008-lesson-23-video-creating-a-user/

 

Demonstration adding a UPN Suffix

 

To add or modify a UPN suffix for your forest, open Active Directory Domains and Trusts from the start menu.

 

Right click Active Directory Domains and Trusts at the top and open the properties. From here you can add and remove additional domain UPN suffixes for the forest.

 

 

QUESTION 430

Your network contains an Active Directory forest. The forest contains one domain named contoso.com.

 

You discover the following event in the Event log of client computers: “The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in %1 minutes.”

 

You need to ensure that the client computers can synchronize their clocks properly.

 

What should you do?

 

A.

Move the domain naming master role.

B.

Restart Active Directory Domain Services (AD DS) service.

C.

Move the PDC emulator role.

D.

Move the infrastructure master role.

E.

Move the global catalog server.

F.

Move the RID master role.

G.

Move the bridgehead server.

H.

Move the schema master role.

I.

Deploy an additional global catalog server.

J.

Install a read-only domain controller (RODC).

 

Correct Answer: C

Explanation:

It could be that the server holding the PDC Emulator role has failed. Whatever the cause, we need to move the PDC Emulator role to another domain controller to restore time synchronization in the domain.

 

Reference 1:

http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=14&EvtSrc=w32time&LCID=1033

 

Event ID

Message

The time provider NtpClient was unable to find a domain controller to use as a time source.

NtpClient will try again in %1 minutes.

 

Windows Time Service is configured to use the domain hierarchy to locate its time source. It could not locate a domain controller that is a suitable time source. The time service will continue to search for an acceptable
domain controller. If the time service cannot locate a time source after the maximum number of attempts, the Win32Time 49 message will be logged.

 

Reference 2:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) page 531 PDC Emulator Role

The PDC Emulator role performs multiple, crucial functions for a domain:

(…)

Provides a master time source for the domain – Active Directory, Kerberos, File Replication Service

(FRS), and Distributed File System Replication (DFS-R) each rely on timestamps, so synchronizing the time across all systems in a domain is crucial. The PDC emulator in the forest root domain is the time master for the entire forest, by default. The PDC emulator in each domain synchronizes its time with the forest root PDC emulator. Other domain controllers in the domain synchronize their clocks against that domain’s PDC emulator. All other domain members synchronize their time with their preferred domain controller. This hierarchical structure of time synchronization, all implemented through the Win32Time service, ensures consistency of time. Coordinated Universal Time (UTC) is synchronized, and the time displayed to users is adjusted based on the time zone setting of the computer.

 

Free VCE & PDF File for Microsoft 70-640 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…