Ensurepass.com : Ensure you pass the IT Exams
2018 July Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 351 – (Topic 4)

Your network contains an Active Directory forest. The forest contains 10 domains. All domain controllers are configured as global catalog servers.

You remove the global catalog role from a domain controller named DC5. You need to reclaim the hard disk space used by the global catalog on DC5.

What should you do?

  1. From Active Directory Sites and Services, run the Knowledge Consistency Checker (KCC).

  2. From Active Directory Sites and Services, modify the general properties of DC5.

  3. From Ntdsutil, use the Semantic database analysis option.

  4. From Ntdsutil, use the Files option.

    Answer: D Explanation:

    Reference 1:

    http://http://technet.microsoft.com/en-us/library/cc816618.aspx Database defragmentation

    In cases in which the data decreases significantly, such as when the global catalog is removed from a domain controller, free disk space is not automatically returned to the file system. Although this condition does not affect database operation, it does result in large amounts of free disk space in the database. To decrease the size of the database file by returning free disk space from the database file to the file system, you can perform an offline defragmentation of the database. Whereas online defragmentation occurs automatically while AD DS is running, offline defragmentation requires taking the domain controller offline and using the Ntdsutil.exe command-line tool to perform the procedure. Reference 2:

    http://technet.microsoft.com/en-us/library/cc794920.aspx

    To perform offline defragmentation of the directory database

    1. Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide credentials, if required, and then click Continue.

    2. At the command prompt, type the following command, and then press ENTER: net stop ntds

    3. Type Y to agree to stop additional services, and then press ENTER.

    4. At the command prompt, type ntdsutil, and then press ENTER.

    5. At the ntdsutil prompt, type activate instance ntds, and then press ENTER.

    6. At the ntdsutil prompt, type files, and then press ENTER.

      Question No: 352 – (Topic 4)

      Your network contains an Active Directory forest named fabrikam.com. The forest contains the following domains:

      ->Fabrikam.com

      ->Eu.fabrikam.com

      ->Na.fabrikam.com

      ->Eu.contoso.com

      ->Na.contoso.com

      You need to configure the forest to ensure that the administrators of any of the domains can specify a user principal name (UPN) suffix of contoso.com when they create user accounts from Active Directory Users and Computers.

      Which tool should you use?

      1. Active Directory Sites and Services

      2. Set-ADDomain

      3. Set-ADForest

      4. Active Directory Administrative Center

Answer: C Explanation:

We would use the following command to achieve this: Set-ADForest -UPNSuffixes @{Add=quot;contoso.comquot;} Reference 1:

http://technet.microsoft.com/en-us/library/dd391925.aspx Creating a UPN Suffix for a Forest

This topic explains how to use the Active Directory module for Windows PowerShell to create a new user principal name (UPN) suffix for the users in a forest. Creating an additional UPN suffix helps simplify the names that are used to log on to another domain in

the forest.

Example

The following example demonstrates how to create a new UPN suffix for the users in the Fabrikam.com forest:

Set-ADForest -UPNSuffixes @{Add=quot;headquarters.fabrikam.comquot;}

Reference 2

http://technet.microsoft.com/en-us/library/ee617221.aspx Set-ADForest Modifies an Active Directory forest.

Parameter UPNSuffixes

Modifies the list of user principal name (UPN) suffixes of the forest. This parameter sets the multi-valued msDS-UPNSuffixes property of the cross-reference container. This parameter uses the following syntax to add remove, replace, or clear UPN suffix values.

Syntax:

To add values:

-UPNSuffixes @{Add=value1,value2,…}

Question No: 353 – (Topic 4)

Your network contains an Active Directory forest. The forest contains domain controllers that run Windows Server 2008 R2. The functional level of the forest is Windows Server 2003. The functional level of the domain is Windows Server 2008.

From a domain controller, you need to perform an authoritative restore of an organizational unit (OU).

What should you do first?

  1. Raise the functional level of the forest

  2. Modify the tombstone lifetime of the forest.

  3. Restore the system state.

  4. Raise the functional level of the domain.

Answer: C Explanation:

The Recycle Bin feature cannot be applied here, see the reference below. Reference:

Windows Server 2008 R2 Unleashed (SAMS, 2010) pages 1292 and 1297 Active Directory Recycle Bin Recovery

Let’s begin this section with a very clear statement: If you need to recover a deleted Active Directory object and the Active Directory Recycle Bin was not enabled before the object was deleted, skip this section and proceed to the “Active Directory Authoritative Restore” section.

Active Directory Authoritative Restore

When Active Directory has been modified and needs to be restored to a previous state, and this rollback needs to be replicated to all domain controllers in the domain and possibly the forest, an authoritative restore of Active Directory is required. An authoritative restore of Active Directory can include the entire Active Directory database, a single object, or a container, such as an organizational unit including all objects previously stored within the container. To perform an authoritative restore of Active Directory, perform the System State restore of a domain controller.

Question No: 354 – (Topic 4)

Your network contains an Active Directory domain. The domain contains 3,000 client computers. All of the client computers run Windows 7.

Users log on to their client computers by using standard user accounts. You plan to deploy a new application named App1.

The vendor of App1 provides a Setup.exe file to install App1. Setup.exe requires administrative rights to run.

You need to deploy App1 to all client computers. The solution must meet the following requirements:

->App1 must automatically detect and replace corrupt application files.

->App1 must be available from the Start menu on each client computer.

What should you do first?

  1. Create a logon script that calls Setup.exe for App1.

  2. Create a .zap file.

  3. Create a startup script that calls Setup.exe for App1.

  4. Repackage App1 as a Windows Installer package.

Answer: D

Reference:

http://technet.microsoft.com/en-us/library/cc739578.aspx

Windows Installer features Diagnoses and repairs corrupted applications-An application can query Windows Installer to determine whether an installed application has missing or corrupted files. If any are detected, Windows Installer repairs the application by recopying only those files found to be missing or corrupted.

Question No: 355 – (Topic 4)

Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.

You need to receive a notification when more than 100 Active Directory objects are deleted per second.

What should you do?

  1. Create custom views from Event Viewer.

  2. Run the Get-ADForest cmdlet.

  3. Run the ntdsutil.exe command.

  4. Configure the Active Directory Diagnostics Data Collector Set (DCS).

  5. Create a Data Collector Set (DCS).

  6. Run the dsamain.exe command.

  7. Run the dsquery.exe command.

  8. Run the repadmin.exe command.

  9. Configure subscriptions from Event Viewer.

  10. Run the eventcreate.exe command.

    Answer: E

    Reference:

    http://technet.microsoft.com/en-us/magazine/ff458614.aspx

    Configure Windows Server 2008 to Notify you when Certain Events Occur

    You can configure alerts to notify you when certain events occur or when certain performance thresholds are reached. You can send these alerts as network messages and as events that are logged in the application event log. You can also configure alerts to start applications and performance logs.

    To configure an alert, follow these steps:

    1. In Performance Monitor, under the Data Collector Sets node, right-click the User-Defined node in the left pane, point to New, and then choose Data Collector Set.

2. (…)

  1. In the Performance Counters panel, select the first counter, and then use the Alert When Value Is text box to set the occasion when an alert for this counter is triggered. Alerts can be triggered when the counter is above or below a specific value. Select Above or Below, and then set the trigger value. The unit of measurement is whatever makes sense for the currently selected counter or counters. For example, to generate an alert if processor time is over 95 percent, select Over, and then type 95. Repeat this process to configure other counters you’ve selected.

    Question No: 356 – (Topic 4)

    Your company has a single Active Directory forest with a single domain. Consultants in different departments of the company require access to different network resources. The consultants belong to a global group named TempWorkers.

    Three file servers are placed in a new organizational unit named SecureServers. The file servers contain confidential data in shared folders.

    You need to prevent the consultants from accessing the confidential data. What should you do?

    1. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

    2. Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny access to this computer from the network user right to the TempWorkers global group.

    3. On the three file servers, create a share on the root of each hard disk. Configure the Deny Full control permission for the TempWorkers global group on the share.

    4. Create a new Group Policy Object (GPO) and link it to the domain. Assign the Deny log on locally user right to the TempWorkers global group.

    5. Create a new Group Policy Object (GPO) and link it to the SecureServers organizational unit. Assign the Deny log on locally user right to the TempWorkers global group.

Answer: A

Question No: 357 – (Topic 4)

You have an Active Directory domain named contoso.com.

You need to view the account lockout threshold and duration for the domain. Which tool should you use?

  1. Net User

  2. Active Directory Users and Computers

  3. Group Policy Management Console (GPMC)

  4. Computer Management

Answer: C

Question No: 358 HOTSPOT – (Topic 4)

Your network contains an Active Directory domain. The domain contains a domain controller named DC1 that runs windows Server 2008 R2 Service Pack 1 (SP1).

You need to implement a central store for domain policy templates. What should you do?

To answer, select the source content that should be copied to the destination folder in the answer area.

Ensurepass 2018 PDF and VCE

Answer:

Ensurepass 2018 PDF and VCE

Explanation:

Ensurepass 2018 PDF and VCE

Copy “C:\Windows\PolicyDefinitions” to “C:\Windows\SYSVOL\domain\Policies

In the reference below the entire PolicyDefinitions folder gets copied. In the question we copy the contents of that PolicyDefinitions folder, which has the same result of course.

Question No: 359 – (Topic 4)

Your network contains an Active Directory domain named contoso.com.

The Active Directory sites are configured as shown in the Sites exhibit. (Click the Exhibit button.)

Ensurepass 2018 PDF and VCE

You need to ensure that DC1 and DC4 are the only servers that replicate Active Directory changes between the sites.

What should you do?

  1. Configure DC1 as a preferred bridgehead server for IP transport.

  2. Configure DC4 as a preferred bridgehead server for IP transport.

  3. From the DC4 server object, create a Connection object for DC1.

  4. From the DC1 server object, create a Connection object for DC4.

    Answer: B

    Reference:

    MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) pages 193, 194

    Bridgehead Servers

    A bridgehead server is the domain controller designated by each site’s KCC to take control of intersite replication. The bridgehead server receives information replicated from other sites and replicates it to its site’s other domain controllers. It ensures that the greatest portion of replication occurs within sites rather than between them.

    In most cases, the KCC automatically decides which domain controller acts as the bridgehead server.

    However, you can use Active Directory Sites and Services to specify which domain controller will be the preferred bridgehead server by using the following steps:

    1. In Active Directory Sites and Services, expand the site in which you want to specify the preferred bridgehead server.

    2. Expand the Servers folder to locate the desired server, right-click it, and then choose Properties.

    3. From the list labeled Transports available for intersite data transfer, select the protocol(s) for which you want to designate this server as a preferred bridgehead server and then click Add.

      Original explanation: Please Check Answer

      Connections. The KCC creates connections that enable domain controllers to replicate with each other. A connection defines a one-way, inbound route from one domain controller, the source, to another domain controller, the destination. The KCC reuses existing connections where it can, deletes unused connections, and creates new connections if none exist that meet the current need. Bridgehead Servers. To communicate across site links, the KCC automatically designates a single server, called the bridgehead server, in each site to perform site-to-site replication. Subsequent replication occurs by replication within a site.

      When site links are established, authorized administrators can designate the bridgehead servers that they want to receive replication between sites. By designating a specific server to receive replication between sites, rather than using any available server, authorized administrators can specify the most beneficial conditions for the connection between sites. Bridgehead servers ensure that most replication occurs within sites rather than between sites.

      http://technet.microsoft.com/library/dd277429.aspx

      Question No: 360 – (Topic 4)

      Your network contains an Active Directory domain named adatum.com.

      The password policy of the domain requires that the passwords for all user accounts be changed every 50 days.

      You need to create several user accounts that will be used by services. The passwords for these accounts must be changed automatically every 50 days.

      Which tool should you use to create the accounts?

      1. Active Directory Administrative Center

      2. Active Directory Users and Computers

      3. Active Directory Module for Windows PowerShell

      4. ADSI Edit

      5. Active Directory Domains and Trusts

        Answer: C Explanation:

        Use the New-ADServiceAccount cmdlet in PowerShell to create the new accounts as managed service accounts. Managed service accounts offer Automatic password management, making password management easier.

        Reference 1:

        http://technet.microsoft.com/en-us/library/dd367859.aspx

        What are the benefits of new service accounts?

        In addition to the enhanced security that is provided by having individual accounts for critical services, there are four important administrative benefits associated with managed service accounts:

        (…)

        Unlike with regular domain accounts in which administrators must reset passwords manually, the network passwords for these accounts will be reset automatically. (…)

        Reference 2:

        http://technet.microsoft.com/en-us/library/dd391964.aspx

        Use the Active Directory module for Windows PowerShell to create a managed service account.

        Reference 3:

        http://technet.microsoft.com/en-us/library/dd548356.aspx To create a new managed service account

        1. On the domain controller, click Start, and then click Run. In the Open box, type dsa.msc, and then click OK to open the Active Directory Users and Computers snap-in. Confirm that the Managed Service Account container exists.

        2. Click Start, click All Programs, click Windows PowerShell 2.0, and then click the

          Windows PowerShell icon.

        3. Run the following command: New-ADServiceAccount [-SAMAccountName lt;Stringgt;] [- Path lt;Stringgt;].

          Reference 4:

          http://technet.microsoft.com/en-us/library/hh852236.aspx

          Use the -ManagedPasswordIntervalInDays parameter with New-ADServiceAccount to specify the number of days for the password change interval.

          -ManagedPasswordIntervalInDayslt;Int32gt;Specifies the number of days for the password change interval. If set to 0 then the default is used. This can only be set on object creation. After that the setting is read only. This value returns the msDSManagedPasswordInterval of the group managed service account object.

          The following example shows how to specify a 90 day password changes interval:

          -ManagedPasswordIntervalInDays 90

          100% Ensurepass Free Download!
          Download Free Demo:70-640 Demo PDF
          100% Ensurepass Free Guaranteed!
          70-640 Dumps

          EnsurePass ExamCollection Testking
          Lowest Price Guarantee Yes No No
          Up-to-Dated Yes No No
          Real Questions Yes No No
          Explanation Yes No No
          PDF VCE Yes No No
          Free VCE Simulator Yes No No
          Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.