Ensurepass.com : Ensure you pass the IT Exams
2018 July Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 141 HOTSPOT – (Topic 2)

Your network contains an Active Directory domain named contoso.com. You need to view which password setting object is applied to a user.

Which filter option in Attribute Editor should you enable? To answer, select the appropriate filter option in the answer area.

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Question No: 142 – (Topic 2)

Your network contains an Active Directory domain. The domain is configured as shown in the following table.

Ensurepass 2018 PDF and VCE

Users in Branch2 sometimes authenticate to a domain controller in Branch1.

You need to ensure that users inBranch2 only authenticate to the domain controllers in Main.

What should you do?

  1. On DC3, set the AutoSiteCoverage value to 0.

  2. On DC3, set the AutoSiteCoverage value to 1.

  3. On DC1 and DC2, set the AutoSiteCoverage value to 0.

  4. On DC1 and DC2, set the AutoSiteCoverage value to 1.

Answer: A

Question No: 143 – (Topic 2)

ABC.com has a software evaluation lab. There is a server in the evaluation lab named as CKT. CKT runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. CKT has 200 virtual servers running on an isolated virtual segment to evaluate software. To connect to the internet, it uses physical network interface card.

ABC.com requires every server in the company to access Internet. ABC.com security policy dictates that the IP address space used by software evaluation lab must not be used by other networks. Similarly, it states the IP address space used by other networks should not be used by the evaluation lab network.

As an administrator you find you that the applications tested in the software evaluation lab need to access normal network to connect to the vendors update servers on the internet.

You need to configure all virtual servers on the CKT server to access the internet. You also need to comply with company#39;s security policy.

Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution)

  1. Trigger the Virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server

  2. On CKT#39;s physical network interface, activate the Internet Connection Sharing (ICS)

  3. Use ABC.com intranet IP addresses on all virtual servers on CKT.

  4. Add and install a Microsoft Loopback Adapter network interface on CKT. Use a new

    network interface and create a new virtual network.

  5. None of the above

Answer: A,D Explanation:

http://class10e.com/Microsoft/which-two-actions-should-you-perform-to-achieve-this-task- choose-two-answers/

To configure all virtual servers on the CKT server to access the internet and comply with company’s security policy, you should trigger the virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server. Then add and install Microsoft Loopback adapter network interface on CKT.

Create a virtual network using the new interface.

When you configure the Virtual DHCP server for the external virtual network, a set of IP addresses are assigned to the virtual servers on CKT server. By running ipconfig/renew command, the new IP addresses will be renewed. The Microsoft Loopback adapter network interface will ensure that the IP address space used by other networks are not been used by the virtual servers on CKT server. You create a new virtual network on the new network interface which will enable you to access internet.

Question No: 144 – (Topic 2)

Your network contains a server named Server1. The Active Directory Rights Management Services (AD RMS) server role is installed on Server1.

An administrator changes the password of the user account that is used by AD RMS. You need to update AD RMS to use the new password.

Which console should you use?

  1. Active Directory Rights Management Services

  2. Active Directory Users and Computers

  3. Component Services

  4. Services

Answer: A Explanation:

http://social.technet.microsoft.com/wiki/contents/articles/13034.ad-rms-how-to-change-the-

rms-serviceaccount-password.aspx

AD RMS How To: Change the RMS Service Account Password

The Active Directory Rights Management Services management console provides a wizard to change or update the AD RMS service account. The most common use for this process is to update the service account password when it has been changed.

It is important to use this process to update or change the AD RMS service account. This ensures the necessary components are updated properly. These processes include, but are not limited to the following items.

Ensure the service account meets the criteria (is a domain account, is not the domain account that provisioned RMS, and etc.)

Temporarily suspends RMS functionality on the server during the change Updates the RMS local groups

Updates the database role for the service account Updates and restarts the MSMQ and logging services

Updates the service account for the _DRMSAppPool1 web application pool Updates appropriate AD RMS configuration database tables

There are important requirements to run this wizard. Must be logged on to the AD RMS server

Account running the wizard must be:

  • A local administrator on the RMS server,

  • A member of the AD RMS Enterprise Administrators group, and

  • A SQL SysAdmin on the AD RMS instance

    Lastly, this must be performed on each server of the AD RMS cluster

    Ensurepass 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    Ensurepass 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    Ensurepass 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    Question No: 145 – (Topic 2)

    A domain controller named DC12 runs critical services. Restructuring of the organizational unit hierarchy for the domain has been completed and unnecessary objects have been deleted.

    You need to perform an offline defragmentation of the Active Directory database on DC12. You also need to ensure that the critical services remain online.

    What should you do?

    1. Start the domain controller in the Directory Services restore mode. Run the Defrag utility.

    2. Start the domain controller in the Directory Services restore mode. Run the Ntdsutil utility.

    3. Stop the Domain Controller service in the Services (local) Microsoft Management Console (MMC). Run the Defrag utility.

    4. Stop the Domain Controller service in the Services (local) Microsoft Management Console (MMC). Run the Ntdsutil utility.

    Answer: D Explanation:

    http://support.microsoft.com/kb/232122

    Performing offline defragmentation of the Active Directory database

    Active Directory automatically performs online defragmentation of the database at certain intervals (by default, every 12 hours) as part of the Garbage Collection process. Online defragmentation does not reduce the size of the database file (Ntds.dit), but instead optimizes data storage in the database and reclaims space in the directory for new objects. Performing an offline defragmentation creates a new, compacted version of the database file. Depending on how fragmented the original database file was, the new file may be considerably smaller.

    http://rickardnobel.se/when-to-offline-defrag-ntds-dit/ When to offline defrag the Active Directory database

    This article will show a simple way to determine if there is any gain to do an offline defrag of your Active Directory database.

    During normal operations the Active Directory service will do an online defragmentation of the Active Directory database (always called ntds.dit) each 12 hours. This online defrag will

    arrange all pages in an optimal way internal in the ntds.dit, however the file size will never shrink, sometimes even grow. During the years of operations of the ntds.dit the file size will increase as user accounts, organizational units, groups, computers, dns records and more are added and later removed. When deleted objects are finally removed (after the so called tombstone lifetime, typically 180 days) the space they have occupied will unfortunately not decrease.

    Ensurepass 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    The actual size of the ntds.dit could be easily studied through Explorer, as above. The size of the database is in this example around 575 MB. Note that Active Directory does not use a file level replication, so the file could be of various size on each Domain Controller in your domain. If wanted there is the possibility to take the AD services offline on one DC and then do an offline defragmentation of ntds.dit. This would both arrange all pages the best possible way, and also to reclaim any empty space inside the database, which could make backup and restore faster and also possible increase AD performance.

    The offline defrag means “offline” from an Active Directory perspective. This means that on Windows 2000 and 2003 you will have to reboot into Directory Services Restore Mode, and on Windows 2008 and R2 you will have to stop the AD services by typing “net stop ntds” in the command prompt. So in Windows 2008 and later it is far easier, but still something that you do not want to do if not necessary.

    There are numerous article on the web how to do the actual offline defrag, so we will not cover that part here. However, we will see the perhaps most important information and that is to be able to see in advance the amount of space that we could reclaim. With this information we could make our decision based on fact and not guesses. This has been possible since at least Windows 2003, but is not well documented.

    Ensurepass 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    To enable this you will have to alter a registry value on the Domain Controller you will investigate the reclaimable MBs. Use regedit and find the following key: HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ NTDS \ Diagnostics Change the value “6 Garbage Collection” from 0 to 1. This will increase the logging from the Garbage Collection process which runs together with the online defrag. So now wait for the next online defragmentation which runs twice a day and then study the Directory Service log in Event Viewer.

    Ensurepass 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    Search for event id 1646, usually together with event ids 700 and 701.

    Ensurepass 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    Here we can note the amount of space that would be reclaimed from an offline defrag. The top value is the number of MB that the offline defrag would recover, here almost half the database size. If the amount is negligible then do not worry about this any more, and if there is a considerable amount of MBs reported then you could plan to do the offline defrag.

    Ensurepass 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    Note that both the change of registry key and the actual offline defrag has to be done on each domain controller, since neither does replicate.

    As noted above we will not look at the commands for the offline defragmentation here, since they are well documented already.

    Question No: 146 – (Topic 2)

    Your network contains an Active Directory domain. The functional level of the domain is Windows Server 2003.

    The domain contains five domain controllers that run Windows Server 2008 and five domain controllers that run Windows Server 2008 R2.

    You need to ensure that SYSVOL is replicated by using Distributed File System Replication (DFSR).

    What should you do first?

    1. Run dfsrdiag.exe PollAD.

    2. Run dfsrmig.exe /SetGlobalState 0.

    3. Upgrade all domain controllers to Windows Server 2008 R2.

    4. Raise the functional level of the domain to Windows Server 2008.

    Answer: D Explanation:

    http://technet.microsoft.com/en-us/library/cc753479(v=ws.10).aspx Distributed File System

    Distributed File System (DFS) Namespaces and DFS Replication offer simplified, highly- available access to files, load sharing, and WAN-friendly replication. In the Windows Server庐 2003 R2 operating system, Microsoft revised and renamed DFS Namespaces (formerly called DFS), replaced the Distributed File System snap-in with the DFS Management snap-in, and introduced the new DFS Replication feature. In the Windows Server庐 2008 operating system, Microsoft added the Windows Server 2008 mode of domain-based namespaces and added a number of usability and performance improvements.

    What does Distributed File System (DFS) do?

    The Distributed File System (DFS) technologies offer wide area network (WAN)-friendly replication as well as simplified, highly-available access to geographically dispersed files. The two technologies in DFS are the following:

    DFS Namespaces. Enables you to group shared folders that are located on different servers into one or more logically structured namespaces. Each namespace appears to users as a single shared folder with a series of subfolders. This structure increases availability and automatically connects users to shared folders in the same Active Directory Domain Services site, when available, instead of routing them over WAN connections.

    DFS Replication. DFS Replication is an efficient, multiple-master replication engine that you can use to keep folders synchronized between servers across limited bandwidth network connections. It replaces the File Replication Service (FRS) as the replication engine for DFS Namespaces, as well as for replicating the AD DS SYSVOL folder in domains that use the Windows Server 2008 domain functional level.

    Question No: 147 – (Topic 2)

    Company has a server with Active Directory Rights Management Services (AD RMS) server installed. Users have computers with Windows Vista installed on them with an Active Directory domain installed at Windows Server 2003 functional level.

    As an administrator at Company, you discover that the users are unable to benefit from AD RMS to protect their documents.

    You need to configure AD RMS to enable users to use it and protect their documents. What should you do to achieve this functionality?

    1. Configure an email account in Active Directory Domain Services (AD DS) for each user.

    2. Add and configure ADRMSADMIN account in local administrators group on the user computers

    3. Add and configure the ADRMSSRVC account in AD RMS server#39;s local administrator group

    4. Reinstall the Active Directory domain on user computers

    5. All of the above

    Answer: A Explanation:

    http://technet.microsoft.com/en-us/library/cc753531(v=ws.10).aspx AD RMS Step-by-Step Guide

    For each user account and group that you configure with AD RMS, you need to add an e- mail address and then assign the users to groups.

    Question No: 148 HOTSPOT – (Topic 2)

    Your network contains two Active Directory forests named contoso.com and fabrikam.com. A two-way forest trust exists between the forests. Selective authentication is enabled on the trust. Fabrikam.com contains a server named Server1.

    You assign Contoso\Domain Users the Manage documents permission and the Print permission to a shared printer on Server1.

    You discover that users from contoso.com cannot access the shared printer on Server1. You need to ensure that the contoso.com users can access the shared printer on Server1. Which permission should you assign to Contoso\Domain Users.

    To answer, select the appropriate permission in the answer area.

    Ensurepass 2018 PDF and VCE

    Answer:

    Ensurepass 2018 PDF and VCE

    Question No: 149 – (Topic 2)

    Exhibit:

    Ensurepass 2018 PDF and VCE

    Company servers run Windows Server 2008. It has a single Active Directory domain. A server called S4 has file services role installed. You install some disk for additional storage. The disks are configured as shown in the exhibit.

    To support data stripping with parity, you have to create a new drive volume. What should you do to achieve this objective?

    1. Build a new spanned volume by combining Disk0 and Disk1

    2. Create a new Raid-5 volume by adding another disk.

    3. Create a new virtual volume by combining Disk 1 and Disk 2

    4. Build a new striped volume by combining Disk0 and Disk 2

    Answer: B Explanation:

    https://sort.symantec.com/public/documents/sf/5.0/solaris/html/vxvm_admin/ag_ch_intro_v m17.html

    Ensurepass 2018 PDF and VCE

    C:\Documents and Settings\usernwz1\Desktop\1.PNG

    Question No: 150 – (Topic 2)

    Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid.

    What should you do?

    1. Run syskey.exe and use the Update option.

    2. Run sigverif.exe and use the Advanced option.

    3. Run certutil.exe and specify the -verify parameter.

    4. Run certreq.exe and specify the -retrieve parameter.

    Answer: C Explanation:

    http://blogs.technet.com/b/pki/archive/2006/11/30/basic-crl-checking-with-certutil.aspx Basic CRL checking with certutil

    Certutil.exe is the command-line tool to verify certificates and CRLs. To get reliable verification results, you must use certutil.exe because the Certificate MMC Snap-In does not verify the CRL of certificates. A certificate might be wrongly shown in the MMC snap-in as valid but once you verify it with certutil.exe you will see that the certificate is actually invalid.

    100% Ensurepass Free Download!
    Download Free Demo:70-640 Demo PDF
    100% Ensurepass Free Guaranteed!
    70-640 Dumps

    EnsurePass ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.