[Free] 2018(Aug) Ensurepass Microsoft 70-640 Dumps with VCE and PDF 41-50

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Microsoft Official New Released 70-640
100% Free Download! 100% Pass Guaranteed!

Windows Server 2008 Active Directory, Configuring

Question No: 41 – (Topic 1)

Your company has an Active Directory domain that runs Windows Server 2008 R2. The Sales OU contains an OU for Computers, an OU for Groups, and an OU for Users.

You perform nightly backups. An administrator deletes the Groups OU.

You need to restore the Groups OU without affecting users and computers in the Sales OU.

What should you do?

  1. Perform an authoritative restore of the Sales OU.

  2. Perform a non-authoritative restore of the Sales OU.

  3. Perform an authoritative restore of the Groups OU.

  4. Perform a non-authoritative restore of the Groups OU.

Answer: C Explanation:

Answer: Perform an authoritative restore of the Groups OU.

http://technet.microsoft.com/en-us/library/cc816878(v=ws.10).aspx Performing Authoritative Restore of Active Directory Objects

An authoritative restore process returns a designated, deleted Active Directory object or container of objects to its predeletion state at the time when it was backed up. For example, you might have to perform an authoritative restore if an administrator inadvertently deletes an organizational unit (OU) that contains a large number of users. In most cases, there are two parts to the authoritative restore process: a nonauthoritative restore from backup, followed by an authoritative restore of the deleted objects. If you perform a nonauthoritative restore from backup only, the deleted OU is not restored because the restored domain controller is updated after the restore process to the current status of its replication partners, which have deleted the OU. To recover the deleted OU, after you perform nonauthoritative restore from backup and before allowing replication to

occur, you must perform an authoritative restore procedure. During the authoritative restore procedure, you mark the OU as authoritative and let the replication process restore it to all the other domain controllers in the domain. After an authoritative restore, you also restore group memberships, if necessary.

Question No: 42 – (Topic 1)

Your company has a main office and a branch office. You deploy a read-only domain controller (RODC) that runs Microsoft Windows Server 2008 to the branch office.

You need to ensure that users at the branch office are able to log on to the domain by using the RODC.

What should you do?

  1. Add another RODC to the branch office.

  2. Configure a new bridgehead server in the main office.

  3. Decrease the replication interval for all connection objects by using the Active Directory Sites and Services console.

  4. Configure the Password Replication Policy on the RODC.

Answer: D Explanation:

Answer: Configure the Password Replication Policy on the RODC.

http://technet.microsoft.com/en-us/library/cc754956(v=ws.10).aspx RODC Frequently Asked Questions

What new attributes support the RODC Password Replication Policy?

Password Replication Policy is the mechanism for determining whether a user or computer#39;s credentials are allowed to replicate from a writable domain controller to an RODC. The Password Replication Policy is always set on a writable domain controller running Windows Server 2008.

What operations fail if the WAN is offline, but the RODC is online in the branch office?

If the RODC cannot connect to a writable domain controller running Windows Server 2008 in the hub, the following branch office operations fail:

Password changes

Attempts to join a computer to a domain

Computer rename

Authentication attempts for accounts whose credentials are not cached on the RODC Group Policy updates that an administrator might attempt by running the gpupdate /force command

What operations succeed if the WAN is offline, but the RODC is online in the branch office? If the RODC cannot connect to a writable domain controller running Windows Server 2008 in the hub, the following branch office operations succeed:

Authentication and logon attempts, if the credentials for the resource and the requester are already cached, Local RODC server administration performed by a delegated RODC server administrator.

Question No: 43 – (Topic 1)

You need to ensure that users who enter three successive invalid passwords within 5 minutes are locked out for 5 minutes.

Which three actions should you perform? (Each correct answer presents part of the solution.

Choose three.)

  1. Set the Minimum password age setting to one day.

  2. Set the Maximum password age setting to one day.

  3. Set the Account lockout duration setting to 5 minutes.

  4. Set the Reset account lockout counter after setting to 5 minutes.

  5. Set the Account lockout threshold setting to 3 invalid logon attempts.

  6. Set the Enforce password history setting to 3 passswords remembered.

Answer: C,D,E Explanation:

Ensurepass 2018 PDF and VCE

C:\Documents and Settings\usernwz1\Desktop\1.PNG

Question No: 44 – (Topic 1)

Your company has an Active Directory forest that runs at the functional level of Windows Server 2008.

You implement Active Directory Rights Management Services (AD RMS).

You install Microsoft SQL Server 2005. When you attempt to open the AD RMS administration Web site, you receive the following error message: quot;SQL Server does not exist or access denied.quot;

You need to open the AD RMS administration Web site.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

  1. Restart IIS.

  2. Manually delete the Service Connection Point in AD DS and restart AD RMS.

  3. Install Message Queuing.

  4. Start the MSSQLSVC service.

Answer: A,D Explanation:

http://technet.microsoft.com/en-us/library/cc747605(v=ws.10).aspx#BKMK_1 RMS Administration Issues

quot;SQL Server does not exist or access deniedquot; message received when attempting to open the RMS

Administration Web site

If you have installed RMS by using a new installation of SQL Server 2005 as your database server the SQL Server Service might not be started. In SQL Server 2005, the MSSQLSERVER service is not configured to automatically start when the server is started. If you have restarted your SQL Server since installing RMS and have not configured this service to automatically restart RMS will not be able to function and only the RMS Global Administration page will be accessible.

After you have started the MSSQLSERVER service, you must restart IIS on each RMS server in the cluster to restore RMS functionality.

Question No: 45 – (Topic 1)

A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails.

You need to enable the user to join a single computer to the domain.

You must ensure that the user is denied any additional rights beyond those required to complete the task.

What should you do?

  1. Prestage the computer account in the Active Directory domain.

  2. Add the user to the Domain Administrators group for one day.

  3. Add the user to the Server Operators group in the Active Directory domain.

  4. Grant the user the right to log on locally by using a Group Policy Object (GPO).

Answer: A Explanation:

http://technet.microsoft.com/en-us/library/cc770832(v=ws.10).aspx#BKMK_1 Prestaging Client Computers

Benefits of Prestaging Client Computers Prestaging clients provides three main benefits:

An additional layer of security. You can configure Windows Deployment Services to answer only prestaged clients, therefore ensuring that clients that are not prestaged will not be able to boot from the network. Additional flexibility. Prestaging clients increases flexibility by enabling you to control the following. For instructions on performing these tasks, see the “Prestage Computers” section of How to Manage Client Computers.

  • The computer account name and location within AD DS.

  • Which server the client should network boot from.

  • Which network boot program the client should receive.

  • Other advanced options – for example, what boot image a client will receive or what Windows Deployment Services client unattend file the client should use.

    The ability for multiple Windows Deployment Services servers to service the same network segment. You can do this by restricting the server to answer only a particular set of clients. Note that the prestaged client must be in the same forest as the Windows Deployment Services server (trusted forests do not work).

    Further information:

    http://www.windows-noob.com/forums/index.php?/topic/506-how-can-i-prestage-a- computer-for-wds/howcan I PRESTAGE a computer for WDS?

    Question No: 46 – (Topic 1)

    Your company has a domain controller server that runs the Windows Server 2008 R2 operating system. The server is a backup server. The server has a single 500-GB hard disk that has three partitions for the operating system, applications, and data. You perform daily backups of the server.

    The hard disk fails. You replace the hard disk with a new hard disk of the same capacity. You restart the computer on the installation media. You select the Repair your computer option.

    You need to restore the operating system and all files. What should you do?

    1. Select the System Image Recovery option.

    2. Run the Imagex utility at the command prompt.

    3. Run the Wbadmin utility at the command prompt.

    4. Run the Rollback utility at the command prompt.

      Answer: C Explanation:

      Old answer: Run the Wbadmin utility at the command prompt. Answer: Select the System Image Recovery option.

      http://technet.microsoft.com/en-us/library/cc755163.aspx Recover the Operating System or Full Server

      Applies To: Windows Server 2008 R2

      You can recover your server operating system or full server by using Windows Recovery Environment and a backup that you created earlier with Windows Server Backup.

      You can access the recovery and troubleshooting tools in Windows Recovery Environment through the System

      Recovery Options dialog box in the Install Windows Wizard. In Windows Server 2008 R2, to launch this wizard, use the Windows Setup disc or start/restart the computer, press F8, and then select Repair Your Computer from the list of startup options.

      To recover your operating system or full server using a backup created earlier and Windows Setup disc

      1. Insert the Windows Setup disc that has the same architecture of the system that you are trying to recover into the CD or DVD drive and start or restart the computer. If needed, press the required key to boot from the disc. The Install Windows Wizard should appear.

      2. In Install Windows, specify language settings, and then click Next.

      3. Click Repair your computer.

      4. Setup searches the hard disk drives for an existing Windows installation and then displays the results in System Recovery Options. If you are recovering the operating system onto separate hardware, the list should be empty (there should be no operating system on the computer). Click Next.

      5. On the System Recovery Options page, click System Image Recovery. This opens the Re-image your computer page.

        http://technet.microsoft.com/en-us/magazine/dd767786.aspx

        Use the Wbadmin Backup Command Line Utility in Windows Server 2008

        Wbadmin is the command-line counterpart to Windows Server Backup. You use Wbadmin to manage all aspects of backup configuration that you would otherwise manage in Windows Server Backup. This means that you can typically use either tool to manage backup and recovery.

        After you’ve installed the Backup Command-Line Tools feature, you can use Wbadmin to manage backup and recovery. Wbadmin is located in the %SystemRoot%\System32\ directory. As this directory is in your command path by default, you do not need to add this directory to your command path.

        Further information:

        Ensurepass 2018 PDF and VCE

        http://technet.microsoft.com/en-us/library/cc754015(v=ws.10).aspx Wbadmin Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.

        C:\Documents and Settings\usernwz1\Desktop\1.PNG Remarks

        The wbadmin command replaces the ntbackup command that was released with previous versions of Windows. You cannot recover backups that you created with ntbackup by using wbadmin. However, a version of ntbackup is available as a download for Windows Server 2008, Windows Vista, Windows Server 2008 R2, or Windows 7 users who want to recover backups that they created using ntbackup. This downloadable version of ntbackup enables you to perform recoveries only of legacy backups, and it cannot be used on computers running Windows Server 2008, Windows Vista, Windows Server 2008 R2, or Windows 7 to create new backups.

        http://technet.microsoft.com/en-us/library/dd979562(v=ws.10).aspx Backup and Recovery Overview for Windows Server 2008 R2

        Windows Server 2008 R2 contains features to help you create backups and, if needed, perform a recovery of your operating system, applications, and data. By using these features appropriately and implementing good operational practices, you can improve your organization#39;s ability to recover from damaged or lost data, hardware failures, and disasters. For Windows Server 2008 R2, there are new features that expand what you can back up, where you can store backups, and how you can perform recoveries.

        This table summarizes the tools you can use to perform the following backup or recovery tasks for your computers running Windows Server 2008 R2:

        Ensurepass 2018 PDF and VCE

        C:\Documents and Settings\usernwz1\Desktop\1.PNG

        What is Windows Recovery Environment?

        You can access the recovery and troubleshooting tools in Windows Recovery Environment through the System Recovery Options dialog box in the Install Windows Wizard.

        In Windows Server 2008 R2, to launch this wizard, use the Windows Setup disc or start/restart the computer, press F8, and then select Repair Your Computer from the list of startup options.

        Features in Windows Recovery Environment

        The tools in Windows Recovery Environment include:

        System Image Recovery. You can use this tool and a backup that you created earlier with Windows Server Backup to restore your operating system or full server.

        Windows Memory Diagnostic. You can use this tool (which is a memory diagnostic schedule) to check your computer#39;s RAM. Doing this requires a restart. In addition, this tool requires a valid Windows Server 2008, Windows Vista, Windows Server 2008 R2, or Windows 7 installation to function. Command Prompt. This opens a command prompt window with Administrator privileges that provides full access to your file system and volumes. In addition, certain Wbadmin commands are only available from this command window.

        Question No: 47 – (Topic 1)

        You have a domain controller named DC1 that runs Windows Server 2008 R2. DC1 is configured as a DNS Server for contoso.com.

        You install the DNS Server role on a member server named Server1 and then you create a standard secondary zone for contoso.com.

        You configure DC1 as the master server for the zone.

        You need to ensure that Server1 receives zone updates from DC1. What should you do?

        1. On DC1, modify the permissions of contoso.com zone.

        2. On Server1, add a conditional forwarder.

        3. On DC1, modify the zone transfer settings for the contoso.com zone.

        4. Add the Server1 computer account to the DNSUpdateProxy group.

          Answer: C

          Reference:

          http://technet.microsoft.com/en-us/library/cc771652.aspx

          Modify Zone Transfer Settings

          You can use the following procedure to control whether a zone will be transferred to other servers and which servers can receive the zone transfer.

          To modify zone transfer settings using the Windows interface

          1. Open DNS Manager.

          2. Right-click a DNS zone, and then click Properties.

          3. On the Zone Transfers tab, do one of the following:

            To disable zone transfers, clear the Allow zone transfers check box. To allow zone transfers, select the Allow zone transfers check box.

          4. If you allowed zone transfers, do one of the following: To allow zone transfers to any server, click To any server.

            To allow zone transfers only to the DNS servers that are listed on the Name Servers tab, click Only to servers listed on the Name Servers tab.

            To allow zone transfers only to specific DNS servers, click Only to the following servers, and then add the IP address of one or more DNS servers.

            Question No: 48 – (Topic 1)

            Your company has an Active Directory forest. Not all domain controllers in the forest are configured as Global Catalog Servers. Your domain structure contains one root domain and one child domain.

            You modify the folder permissions on a file server that is in the child domain. You discover that some Access Control entries start with S-1-5-21 and that no account name is listed.

            You need to list the account names. What should you do?

            1. Move the RID master role in the child domain to a domain controller that holds the Global Catalog.

            2. Modify the schema to enable replication of the friendlynames attribute to the Global Catalog.

            3. Move the RID master role in the child domain to a domain controller that does not hold the Global Catalog.

            4. Move the infrastructure master role in the child domain to a domain controller that does not hold the Global Catalog.

    Answer: D Explanation:

    http://technet.microsoft.com/en-us/library/cc780850(v=ws.10).aspx Security identifiers

    Security identifiers (SIDs) are numeric values that identify a user or group. For each access control entry (ACE), there exists a SID that identifies the user or group for whom access is allowed, denied, or audited. Well-known security identifiers (special identities):

    Network (S-1-5-2) Includes all users who are logged on through a network connection. Access tokens for interactive users do not contain the Network SID. http://technet.microsoft.com/en-us/library/cc773108(v=ws.10).aspx

    Operations master roles Active Directory supports multimaster replication of the directory data store between all domain controllers (DC) in the domain, so all domain controllers in a domain are essentially peers. However, some changes are impractical to perform in using multimaster replication, so, for each of these types of changes, one domain controller, called the operations master, accepts requests for such changes.

    In every forest, there are at least five operations master roles that are assigned to one or more domain controllers. Forest-wide operations master roles must appear only once in every forest. Domain-wide operations master roles must appear once in every domain in the forest.

    Domain-wide operations master roles

    Every domain in the forest must have the following roles: Relative ID (RID) master

    Primary domain controller (PDC) emulator master Infrastructure master

    These roles must be unique in each domain. This means that each domain in the forest can have only one RID master, PDC emulator master, and infrastructure master.

    Infrastructure master

    At any time, there can be only one domain controller acting as the infrastructure master in each domain.

    The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. The infrastructure master compares its data with that of a global catalog. Global catalogs receive regular updates for objects in all domains through replication, so the global catalog data will always be up to date. If the infrastructure master finds data that is out of date, it requests the updated data from a global catalog. The infrastructure master then replicates that updated data to the other domain controllers in the domain.

    Important

    Unless there is only one domain controller in the domain, the infrastructure master role should not be assigned to the domain controller that is hosting the global catalog. If the infrastructure master and global catalog are on the same domain controller, the infrastructure master will not function. The infrastructure master will never find data that is out of date, so it will never replicate any changes to the other domain controllers in the domain.

    In the case where all of the domain controllers in a domain are also hosting the global catalog, all of the domain controllers will have the current data and it does not matter which domain controller holds the infrastructure master role.

    The infrastructure master is also responsible for updating the group-to-user references whenever the members of groups are renamed or changed. When you rename or move a member of a group (and that member resides in a different domain from the group), the group may temporarily appear not to contain that member.

    The infrastructure master of the group#39;s domain is responsible for updating the group so it knows the new name or location of the member. This prevents the loss of group memberships associated with a user account when the user account is renamed or moved. The infrastructure master distributes the update via multimaster replication.

    There is no compromise to security during the time between the member rename and the group update. Only an administrator looking at that particular group membership would notice the temporary inconsistency.

    Question No: 49 – (Topic 1)

    Your company has recently acquired a new subsidiary company in Quebec. The Active Directory administrators of the subsidiary company must use the French-language version of the administrative templates.

    You create a folder on the PDC emulator for the subsidiary domain in the path

    %systemroot%\SYSVOL\domain\Policies\PolicyDefinitions\FR.

    You need to ensure that the French-language version of the templates is available. What should you do?

    1. Download the Conf.adm, System.adm, Wuau.adm, and Inetres.adm files from the Microsoft Web site. Copy the ADM files to the FR folder.

    2. Copy the ADML files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.

    3. Copy the Install.WIM file from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.

    4. Copy the ADMX files from the French local installation media for Windows Server 2008 R2 to the FR folder on the subsidiary PDC emulator.

    Answer: B Explanation:

    http://technet.microsoft.com/en-us/library/cc772507(v=ws.10).aspx admx and .adml File Structure

    In order to support the multilingual display of policy settings, the ADMX file structure must be broken into two types of files:

    A language-neutral file, .admx, describing the structure of the categories and Administrative template policy settings displayed in the Group Policy Management Console (GPMC) or Local Group Policy Editor.

    A set of language-dependent files, .adml, providing the localized portions displayed in the GPMC or Local

    Group Policy Editor. Each .adml file represents a single language you wish to support. Language-neutral file (.admx) structure

    Language resource file (.adml) structure

    The language resource files, .adml, provide the language specific information needed by the language neutral file. The language neutral file will then reference specific sections of the language resource file in order for the GPMC or Local Group Policy Editor to display a policy setting in the correct language.

    Question No: 50 – (Topic 1)

    You need to identify all failed logon attempts on the domain controllers. What should you do?

    1. View the Netlogon.log file.

    2. View the Security tab on the domain controller computer object.

    3. Run Event Viewer.

    4. Run the Security and Configuration Wizard.

    Answer: C Explanation:

    http://support.microsoft.com/kb/174074 Security Event Descriptions

    This article contains descriptions of various security-related and auditing- related events, and tips for

    interpreting them.

    These events will all appear in the Security event log and will be logged with a source of quot;Security.quot;

    Event ID: 529 Type: Failure Audit

    Description: Logon Failure:

    Reason: Unknown user name or bad password User Name: %1 Domain: %2

    Logon Type: %3 Logon Process: %4

    Authentication Package: %5 Workstation Name: %6

    Event ID: 530 Type: Failure Audit

    Description: Logon Failure:

    Reason: Account logon time restriction violation User Name: %1 Domain: %2

    Logon Type: %3 Logon Process: %4

    Authentication Package: %5 Workstation Name: %6

    Event ID: 531 Type: Failure Audit

    Description: Logon Failure: Reason: Account currently disabled User Name: %1 Domain: %2

    Logon Type: %3 Logon Process: %4

    Authentication Package: %5 Workstation Name: %6

    Event ID: 532 Type: Failure Audit

    Description: Logon Failure:

    Reason: The specified user account has expired User Name: %1 Domain: %2

    Logon Type: %3 Logon Process: %4

    Authentication Package: %5 Workstation Name: %6

    Event ID: 533 Type: Failure Audit

    Description: Logon Failure:

    Reason: User not allowed to logon at this computer User Name: %1 Domain: %2

    Logon Type: %3 Logon Process: %4

    Authentication Package: %5 Workstation Name: %6

    Event ID: 534 Type: Failure Audit

    Description: Logon Failure:

    Reason: The user has not been granted the requested logon type at this machine

    User Name: %1 Domain: %2

    Logon Type: %3 Logon Process: %4

    Authentication Package: %5 Workstation Name: %6

    Event ID: 535 Type: Failure Audit

    Description: Logon Failure:

    Reason: The specified account#39;s password has expired User Name: %1 Domain: %2

    Logon Type: %3 Logon Process: %4

    Authentication Package: %5 Workstation Name: %6

    Event ID: 536 Type: Failure Audit

    Description: Logon Failure:

    Reason: The NetLogon component is not active User Name: %1 Domain: %2

    Logon Type: %3 Logon Process: %4

    Authentication Package: %5 Workstation Name: %6

    Event ID: 537 Type: Failure Audit

    Description: Logon Failure:

    Reason: An unexpected error occurred during logon User Name: %1 Domain: %2

    Logon Type: %3 Logon Process: %4

    Authentication Package: %5 Workstation Name: %6

    100% Ensurepass Free Download!
    70-640 PDF
    100% Ensurepass Free Guaranteed!
    70-640 Dumps

    EnsurePass ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.