The only free mcitp 70-640 practice test resources for you
2016 Jul mcitp 70-640:
Q201. Your company has a main office and five branch offices that are connected by WAN links. The company has an Active Directory domain named contoso.com.
Each branch office has a member server configured as a DNS server. All branch office DNS servers host a secondary zone for contoso.com.
You need to configure the contoso.com zone to resolve client queries for at least four days in the event that a WAN link fails.
What should you do?
A. Configure the Expires after option for the contoso.com zone to 4 days.
B. Configure the Retry interval option for the contoso.com zone to 4 days.
C. Configure the Refresh interval option for the contoso.com zone to 4 days.
D. Configure the Minimum (default) TTL option for the contoso.com zone to 4 days.
Adjust the Expire Interval for a Zone
You can use this procedure to adjust the expire interval for a Domain Name System (DNS)
zone. Other DNS servers that are configured to load and host the zone use the expire
interval to determine when zone data expires if it is not successfully transferred. By default,
the expire interval for each zone is set to one day.
You can complete this procedure using either the DNS Manager snap-in or the dnscmd
To adjust the expire interval for a zone using the Windows interface
1. Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.
2. In the console tree, right-click the applicable zone, and then click Properties.
3. On the General tab, verify that the zone type is either Primary or Active Directory-integrated.
4. Click the Start of Authority (SOA) tab.
5. In Expires after, click a time period in minutes, hours, or days, and then type a number in the text box.
6. Click OK to save the adjusted interval.
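A read-only check of the SOA timers described above, as an added example that is not part of the original page or the quoted Microsoft procedure. It assumes Windows PowerShell with the DnsClient module (Windows Server 2012 / Windows 8 or later) and uses the zone name and four-day requirement from Q201.

```powershell
# Added example: compare the SOA timers and serial served by every name server
# of a zone. Read-only; changes nothing on the servers.
$Zone      = 'contoso.com'             # zone name from Q201
$MinExpire = [TimeSpan]::FromDays(4)   # outage the secondaries must ride out (Q201)

# Name servers published for the zone (the primary plus branch-office secondaries).
$servers = Resolve-DnsName -Name $Zone -Type NS -DnsOnly -ErrorAction Stop |
    Where-Object { $_.Type -eq 'NS' } |
    Select-Object -ExpandProperty NameHost -Unique

$report = foreach ($server in $servers) {
    try {
        # Ask each server directly so a stale secondary cannot hide behind a cache.
        $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SOA' } | Select-Object -First 1
        if (-not $soa) { throw 'no SOA record in the answer' }
        $expire = [TimeSpan]::FromSeconds($soa.TimeToExpiration)
        [pscustomobject]@{
            Server   = $server
            Serial   = $soa.SerialNumber
            Refresh  = [TimeSpan]::FromSeconds($soa.TimeToZoneRefresh)
            Retry    = [TimeSpan]::FromSeconds($soa.TimeToZoneFailureRetry)
            Expire   = $expire
            ExpireOk = ($expire -ge $MinExpire)
            Error    = $null
        }
    } catch {
        # An unreachable or non-answering server is reported, not skipped.
        [pscustomobject]@{ Server = $server; Serial = $null; Refresh = $null; Retry = $null
                           Expire = $null; ExpireOk = $false; Error = $_.Exception.Message }
    }
}

# A secondary whose serial is behind the highest one seen has missed a transfer.
$latest = ($report | Where-Object { $_.Serial } | Measure-Object -Property Serial -Maximum).Maximum
$report | Select-Object *, @{ Name = 'Lagging'; Expression = { $_.Serial -and $_.Serial -lt $latest } } |
    Format-Table -AutoSize
```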
Q202. You have an existing Active Directory site named Site1. You create a new Active Directory site and name it Site2.
You need to configure Active Directory replication between Site1 and Site2. You install a new domain controller.
You create the site link between Site1 and Site2.
What should you do next?
A. Use the Active Directory Sites and Services console to assign a new IP subnet to Site2. Move the new domain controller object to Site2.
B. Use the Active Directory Sites and Services console to configure a new site link bridge object.
C. Use the Active Directory Sites and Services console to decrease the site link cost between Site1 and Site2.
D. Use the Active Directory Sites and Services console to configure the new domain controller as a preferred bridgehead server for Site1.
http://www.enterprisenetworkingplanet.com/netsysm/article.php/624411/Intersite-eplication.htm
Inter-site Replication
The process of creating a custom site link has five basic steps:
1. Create the site link.
2. Configure the site link's associated attributes.
3. Create site link bridges.
4. Configure connection objects. (This step is optional.)
5. Designate a preferred bridgehead server. (This step is optional.)
http://technet.microsoft.com/en-us/library/cc759160%28v=ws.10%29.aspx Replication between sites
Q203. Your company has an Active Directory domain that runs Windows Server 2008 R2. The Sales OU contains an OU for Computers, an OU for Groups, and an OU for Users.
You perform nightly backups. An administrator deletes the Groups OU.
You need to restore the Groups OU without affecting users and computers in the Sales OU.
What should you do?
A. Perform an authoritative restore of the Sales OU.
B. Perform a non-authoritative restore of the Sales OU.
C. Perform an authoritative restore of the Groups OU.
D. Perform a non-authoritative restore of the Groups OU.
Answer: Perform an authoritative restore of the Groups OU.
Performing Authoritative Restore of Active Directory Objects
An authoritative restore process returns a designated, deleted Active Directory object or container of objects to its predeletion state at the time when it was backed up. For example, you might have to perform an authoritative restore if an administrator inadvertently deletes an organizational unit (OU) that contains a large number of users. In most cases, there are two parts to the authoritative restore process: a nonauthoritative restore from backup, followed by an authoritative restore of the deleted objects. If you perform a nonauthoritative restore from backup only, the deleted OU is not restored because the restored domain controller is updated after the restore process to the current status of its replication partners, which have deleted the OU. To recover the deleted OU, after you perform nonauthoritative restore from backup and before allowing replication to occur, you must perform an authoritative restore procedure. During the authoritative restore procedure, you mark the OU as authoritative and let the replication process restore it to all the other domain controllers in the domain. After an authoritative restore, you also restore group memberships, if necessary.
Q204. Your network contains a single Active Directory domain.
A domain controller named DC2 fails.
You need to remove DC2 from Active Directory.
Which two actions should you perform? (Each correct answer presents part of the solution.)
A. At the command prompt, run dcdiag.exe /fix.
B. At the command prompt, run netdom.exe remove dc2.
C. From Active Directory Sites and Services, delete DC2.
D. From Active Directory Users and Computers, delete DC2.
Clean Up Server Metadata
Metadata cleanup is a required procedure after a forced removal of Active Directory
Domain Services (AD DS).
You perform metadata cleanup on a domain controller in the domain of the domain
controller that you forcibly removed. Metadata cleanup removes data from AD DS that
identifies a domain controller to the replication system.
Clean up server metadata by using GUI tools
Clean up server metadata by using Active Directory Users and Computers
1. Open Active Directory Users and Computers: On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Expand the domain of the domain controller that was forcibly removed, and then click Domain Controllers.
3. In the details pane, right-click the computer object of the domain controller whose metadata you want to clean up, and then click Delete.
Clean up server metadata by using Active Directory Sites and Services
1. Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services.
2. Expand the site of the domain controller that was forcibly removed, expand Servers, expand the name of the domain controller, right-click the NTDS Settings object, and then click Delete.
Q205. Your company has an Active Directory domain. You install an Enterprise Root certification authority (CA) on a member server named Server1.
You need to ensure that only the Security Manager is authorized to revoke certificates that are supplied by Server1.
What should you do?
A. Remove the Request Certificates permission from the Domain Users group.
B. Remove the Request Certificates permission from the Authenticated Users group.
C. Assign the Allow - Manage CA permission to only the Security Manager user account.
D. Assign the Allow - Issue and Manage Certificates permission to only the Security Manager user account.
Implement Role-Based Administration
You can use role-based administration to organize certification authority (CA) administrators into separate, predefined CA roles, each with its own set of tasks. Roles are assigned by using each user's security settings.
You assign a role to a user by assigning that user the specific security settings that are associated with the role. A user that has one type of permission, such as Manage CA permission, can perform specific CA tasks that a user with another type of permission, such as Issue and Manage Certificates permission, cannot perform.
The following table describes the roles, users, and groups that can be used to implement role-based administration.
Roles and groups
Issue and Manage Certificates: Approve certificate enrollment and revocation requests. This is a CA role. This role is sometimes referred to as CA officer. These permissions are assigned by using the Certification Authority snap-in.
Q206. You need to compact an Active Directory database on a domain controller that runs Windows Server 2008 R2.
What should you do?
A. Run defrag.exe /a /c.
B. Run defrag.exe /c /u.
C. From Ntdsutil, use the Files option.
D. From Ntdsutil, use the Metadata cleanup option.
Compact the Directory Database File (Offline Defragmentation)
You can use this procedure to compact the Active Directory database offline. Offline
defragmentation returns free disk space in the Active Directory database to the file system.
As part of the offline defragmentation procedure, check directory database integrity.
Performing offline defragmentation creates a new, compacted version of the database file in a different location.
Explanation 2: Mastering Windows Server 2008 R2 (Sybex, 2010) page 805
Performing Offline Defragmentation of Ntds.dit
These steps assume that you will be compacting the Ntds.dit file to a local folder. If you plan to defragment and compact the database to a remote shared folder, map a drive letter to that shared folder before you begin these steps, and use that drive letter in the path where appropriate.
1. Open an elevated command prompt. Click Start, and then right-click Command Prompt. Click Run as Administrator.
2. Type ntdsutil, and then press Enter.
3. Type Activate instance NTDS, and press Enter.
4. At the resulting ntdsutil prompt, type Files (case sensitive), and then press Enter.
5. At the file maintenance prompt, type compact to followed by the path to the destination folder for the defragmentation, and then press Enter.
Q207. Your network contains an Active Directory domain named contoso.com.
You create a GlobalNames zone. You add an alias (CNAME) resource record named
Server1 to the zone. The target host of the record is server2.contoso.com.
When you ping Server1, you discover that the name fails to resolve. You successfully resolve server2.contoso.com.
You need to ensure that you can resolve names by using the GlobalNames zone.
What should you do?
A. From the command prompt, use the netsh tool.
B. From the command prompt, use the dnscmd tool.
C. From DNS Manager, modify the properties of the GlobalNames zone.
D. From DNS Manager, modify the advanced settings of the DNS server.
http://technet.microsoft.com/en-us/library/cc731744.aspx
Enable GlobalNames zone support
The GlobalNames zone is not available to provide name resolution until GlobalNames zone support is explicitly enabled by using the following command on every authoritative DNS server in the forest:
dnscmd <ServerName> /config /enableglobalnamessupport 1
Q208. You have an enterprise subordinate certification authority (CA).
You have a custom Version 3 certificate template.
Users can enroll for certificates based on the custom certificate template by using the
Certificates console. The certificate template is unavailable for Web enrollment.
You need to ensure that the certificate template is available on the Web enrollment pages.
What should you do?
A. Run certutil.exe pulse.
B. Run certutil.exe installcert.
C. Change the certificate template to a Version 2 certificate template.
D. On the certificate template, assign the Autoenroll permission to the users.
Identical to F/Q33.
Explanation 1: http://technet.microsoft.com/en-us/library/cc732517.aspx
Certificate Web enrollment cannot be used with version 3 certificate templates.
Explanation 2: http://blogs.technet.com/b/ad/archive/2008/06/30/2008-web-enrollment-and-version-3-templates.aspx
The reason for this blog post is that one of our customers called after noticing some unexpected behavior when they were trying to use the Server 2008 certificate web enrollment page to request a Version 3 Template based certificate. The problem was that no matter what they did the Version 3 Templates would not appear as certificates which could be requested via the web page. On the other hand, version 1 and 2 templates did appear in the page and requests could be done successfully using those templates.
Q209. Your network contains a domain controller that has two network connections named Internal and Private.
Internal has an IP address of 192.168.0.20. Private has an IP address of 10.10.10.5. You need to prevent the domain controller from registering Host (A) records for the 10.10.10.5 IP address.
What should you do?
A. Modify the netlogon.dns file on the domain controller.
B. Modify the Name Server settings of the DNS zone for the domain.
C. Modify the properties of the Private network connection on the domain controller.
D. Disable netmask ordering on the DNS server that hosts the DNS zone for the domain.
http://support.microsoft.com/kb/2023004
Steps to avoid registering unwanted NIC(s) in DNS on a Multihomed Domain Controller
Symptoms
On Domain Controllers with more than one NIC, where each NIC is connected to a separate network, the Host A DNS registration can occur for unwanted NIC(s). If a client queries for the DC's DNS records and gets an unwanted record, or the record of a different network that the client cannot reach, the client will fail to contact the DC, causing authentication and many other issues.
Cause
The DNS server responds to queries in a round-robin fashion. If the DC has multiple NICs registered in DNS, the DNS server serves the client all the records available for that DC. To prevent this, make sure the unwanted NIC address is not registered in DNS. The following services are responsible for Host A record registration on a DC:
1. Netlogon service
2. DNS server service (if the DC is running the DNS server service)
3. DHCP client / DNS client (2003/2008)
If the NIC is configured to register the connection address in DNS, the DHCP/DNS client service registers the record in DNS. The unwanted NIC should be configured not to register the connection address in DNS.
If the DC is running the DNS server service, the DNS service registers a Host A record for each interface that it is set to listen on. The "Name server" tab of the zone properties lists the IP addresses of the interfaces present on the DC. If both IP addresses are listed, the DNS server registers a Host A record for both. Make sure that only the required interface listens for DNS and that the Name server tab has only the required IP address information.
Resolution
To avoid this problem, perform the following 3 steps (it is important that you follow all the steps to avoid the issue).
1. Under Network Connections Properties: on the unwanted NIC, TCP/IP Properties -> Advanced -> DNS -> uncheck "Register this connection's addresses in DNS".
2. Open the DNS server console: highlight the server in the left pane, choose Action -> Properties, and on the "Interfaces" tab select "listen on only the following IP addresses". Remove the unwanted IP address from the list.
3. On the Zone properties, select the Name server tab. Along with the FQDN of the DC, you will see the IP address associated with the DC. Remove the unwanted IP address if it is listed.
After performing these steps, delete the existing unwanted Host A record of the DC.
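A read-only audit of step 1 and of the leftover Host (A) record, as an added example that is not part of the KB article or the original page. It assumes Windows PowerShell 3.0 or later with the DnsClient module, is run on the domain controller itself, and uses a hypothetical DC name; the address is the one from Q209.

```powershell
# Added example: read-only audit, run on the multihomed domain controller itself.
$DcFqdn     = 'dc1.contoso.com'   # hypothetical DC name (assumption, not from the page)
$UnwantedIp = '10.10.10.5'        # address of the Private connection in Q209

# Resolution step 1: the adapter that owns the unwanted address must have
# "Register this connection's addresses in DNS" cleared.
$nics = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Where-Object { $_.IPAddress -contains $UnwantedIp }
if (-not $nics) {
    Write-Warning "No local adapter holds $UnwantedIp; check the address."
}
foreach ($nic in $nics) {
    if ($nic.FullDNSRegistrationEnabled) {
        Write-Warning "'$($nic.Description)' still registers its addresses in DNS."
    } else {
        Write-Output "'$($nic.Description)': DNS registration is disabled."
    }
}

# Final step: no Host (A) record for the unwanted address may remain in DNS.
$answers = Resolve-DnsName -Name $DcFqdn -Type A -DnsOnly -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' }
$leftover = $answers | Where-Object { $_.IPAddress -eq $UnwantedIp }
if ($leftover) {
    Write-Warning "DNS still returns $UnwantedIp for $DcFqdn; delete the stale Host (A) record."
} else {
    Write-Output "DNS returns no Host (A) record with $UnwantedIp for $DcFqdn."
}

# Show everything clients currently receive for the DC name.
$answers | Select-Object Name, IPAddress, TTL | Format-Table -AutoSize
```

Steps 2 and 3 (the DNS server's listening interfaces and the zone's Name server tab) are not covered by this check and still need to be reviewed in the DNS console.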
Q210. Your network contains an Active Directory forest. All domain controllers run Windows
Server 2008 Standard.
The functional level of the domain is Windows Server 2003.
You have a certification authority (CA).
The relevant servers in the domain are configured as shown below:
You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network.
What should you do?
A. Upgrade Server1 to Windows Server 2008 R2.
B. Upgrade Server2 to Windows Server 2008 R2.
C. Raise the functional level of the domain to Windows Server 2008.
D. Install the Windows Server 2008 R2 Active Directory Schema updates.
Before installing the certificate enrollment Web services, ensure that your environment meets these requirements:
A host computer as a domain member running Windows Server 2008 R2.
An Active Directory forest with a Windows Server 2008 R2 schema.
An enterprise certification authority (CA) running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003.