Examcollection.com presents high-quality and trustworthy Microsoft simulation tests. We are certain that you will get through the Microsoft 70-640 exam with Examcollection's preparation materials, or you will get a full refund. Our experts make certain that the Microsoft 70-640 exam questions are precise, accurate, and logical, which will help you succeed in the actual Microsoft exam.
Q111. Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
You have an Active Directory-integrated zone for contoso.com.
You have a Unix-based DNS server.
You need to configure your Windows Server 2008 R2 environment to allow zone transfers of the contoso.com zone to the Unix-based DNS server.
What should you do in the DNS Manager console?
A. Enable BIND secondaries
B. Create a stub zone
C. Disable recursion
D. Create a secondary zone
Answer: A
Explanation:
http://skibbz.com/understanding-of-advance-properties-settings-in-window-server-2003-and-2008-dns-serverbind-secondaries/
Understanding Of Advance Properties Settings In Window Server 2003 And 2008 DNS Server (BIND Secondaries)
BIND Secondaries controls zone transfers between DNS servers from different vendors. It determines the format used for the zone transfer, that is, whether it is a fast or a slow transfer. BIND stands for Berkeley Internet Name Domain. BIND is based on the UNIX operating system. Two Windows servers do not require BIND. BIND is only required when transferring a DNS zone between DNS servers from two different vendors (UNIX and Microsoft Windows). If you are using only Windows servers for DNS and zone transfers, you will have to disable this option on the Windows DNS server. However, if you want the server to perform a slow, uncompressed zone transfer, you will have to enable BIND on the DNS server. To reiterate, BIND only provides a slow DNS zone transfer and data compression mechanism for the DNS server. BIND is understood to have been introduced in Windows Server to support UNIX. System administrators will normally disable this option if they want the data in zone transfers between primary and secondary DNS servers to be transferred faster, in order to improve DNS query efficiency within their network environment.
BIND is used on a Windows DNS server when zone transfers need to be configured between a Windows server and a UNIX server or operating system. BIND is enabled when a Windows server is configured as the primary DNS server and a UNIX computer is configured as a secondary DNS server for zone transfers. BIND Secondaries needs to be configured to mitigate the problem of interoperability between the two server operating systems, since they are from different vendors. Note that old versions of BIND were noted to be very slow and to use an uncompressed zone transfer format.
However, BIND in Windows Server 2008 and later has improved on this problem. It was noted that BIND in Windows Server 2008 and later uses a faster, compressed format during zone transfers between primary and secondary DNS servers running different server operating systems (UNIX and Windows Server).
Q112. Company has a single domain network with Windows 2000, Windows 2003, and Windows 2008 servers. Client computers run Windows XP and Windows Vista. All domain controllers are running Windows Server 2008.
You need to deploy Active Directory Rights Management System (AD RMS) to secure all documents, spreadsheets and to provide user authentication.
What do you need to configure, in order to complete the deployment of AD RMS?
A. Upgrade all client computers to Windows Vista. Install AD RMS on domain controller Company _DC1
B. Ensure that all Windows XP computers have the latest service pack and install the RMS client on all systems. Install AD RMS on domain controller Company _DC1
C. Upgrade all client computers to Windows Vista. Install AD RMS on Company _SRV5
D. Ensure that all Windows XP computers have the latest service pack and install the RMS client on all systems. Install AD RMS on domain controller Company _SRV5
E. None of the above
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/dd772753%28v=ws.10%29.aspx
AD RMS Client Requirements
Windows AD RMS Client
Windows 7, all editions
Windows Server 2008 R2, all editions except Core Editions
Windows Vista, all editions
Windows Server 2008, all editions except Core Editions
Windows XP SP3 32-bit Edition
Windows XP SP3 64-bit Edition
Windows Server 2003 with SP1 32-bit Edition
Windows Server 2003 with SP1 64-bit Edition
Windows Server 2003 for Itanium-based systems with SP1
Windows Server 2003 R2 32-bit Edition
Windows Server 2003 R2 64-bit Edition
Windows Server 2003 R2 for Itanium-based systems
Windows Small Business Server 2003 32-bit Edition
Windows Server 2000 SP4 32-bit Edition
http://technet.microsoft.com/en-us/library/dd772659%28v=ws.10%29.aspx
AD RMS Prerequisites
Before you install AD RMS
Before you install Active Directory Rights Management Services (AD RMS) on Windows Server 2008 R2 for the first time, there are several requirements that must be met. Install the AD RMS server as a member server in the same Active Directory Domain Services (AD DS) forest as the user accounts that will be using rights-protected content.
Q113. ABC.com has purchased laptop computers that will be used to connect to a wireless network.
You create a laptop organizational unit and create a Group Policy Object (GPO) and configure user profiles by utilizing the names of approved wireless networks.
You link the GPO to the laptop organizational unit. The new laptop users complain to you that they cannot connect to a wireless network.
What should you do to enforce the group policy wireless settings to the laptop computers?
A. Execute gpupdate /target:computer command at the command prompt on laptop computers
B. Execute Add a network command and leave the SSID (service set identifier) blank
C. Execute gpupdate /boot command at the command prompt on laptop computers
D. Connect each laptop computer to a wired network and log off the laptop computer and then login again.
E. None of the above
Answer: D
Q114. Your network contains an Active Directory domain. The domain contains several domain controllers. All domain controllers run Windows Server 2008 R2.
You need to restore the Default Domain Controllers Policy Group Policy object (GPO) to the Windows Server 2008 R2 default settings.
What should you do?
A. Run dcgpofix.exe /target:dc.
B. Run dcgpofix.exe /target:domain.
C. Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe /sync.
D. Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe /force.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/hh875588.aspx
Dcgpofix Recreates the default Group Policy Objects (GPOs) for a domain.
Syntax
DCGPOFix [/ignoreschema] [/target: {Domain | DC | Both}] [/?]
/ignoreschema Ignores the version of the Active Directory schema when you run this command. Otherwise, the command only works on the same schema version as the Windows version in which the command was shipped.
/target {Domain | DC | Both} Specifies which GPO to restore. You can restore the Default Domain Policy GPO, the Default Domain Controllers GPO, or both.
Examples
Restore the Default Domain Controllers Policy GPO to its original state. You will lose any changes that you have made to this GPO.
dcgpofix /ignoreschema /target:DC
Q115. Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
You need to capture all replication errors from all domain controllers to a central location.
What should you do?
A. Start the Active Directory Diagnostics data collector set.
B. Start the System Performance data collector set.
C. Install Network Monitor and create a new capture.
D. Configure event log subscriptions.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc748890.aspx
Configure Computers to Forward and Collect Events
Before you can create a subscription to collect events on a computer, you must configure both the collecting computer (collector) and each computer from which events will be collected (source).
http://technet.microsoft.com/en-us/library/cc749183.aspx
Event Subscriptions
Event Viewer enables you to view events on a single remote computer. However, troubleshooting an issue might require you to examine a set of events stored in multiple logs on multiple computers. Windows Vista includes the ability to collect copies of events from multiple remote computers and store them locally. To specify which events to collect, you create an event subscription. Among other details, the subscription specifies exactly which events will be collected and in which log they will be stored locally. Once a subscription is active and events are being collected, you can view and manipulate these forwarded events as you would any other locally stored events.
Using the event collecting feature requires that you configure both the forwarding and the collecting computers. The functionality depends on the Windows Remote Management (WinRM) service and the Windows Event Collector (Wecsvc) service. Both of these services must be running on computers participating in the forwarding and collecting process.
http://technet.microsoft.com/en-us/library/cc961808.aspx
Replication Issues
Q116. Your network contains an Active Directory domain named contoso.com.
The contoso.com DNS zone is stored in Active Directory. All domain controllers run Windows Server 2008 R2.
You need to identify if all of the DNS records used for Active Directory replication are correctly registered.
What should you do?
A. From the command prompt, use netsh.exe.
B. From the command prompt, use dnslint.exe.
C. From the Active Directory Module for Windows PowerShell, run the Get-ADRootDSE cmdlet.
D. From the Active Directory Module for Windows PowerShell, run the Get-ADDomainController cmdlet.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/dd197560.aspx Dnslint.exe
DNSLint is a Microsoft Windows tool that can be used to help diagnose common DNS name resolution issues. It can be targeted to look for specific DNS record sets and ensure that they are consistent across multiple DNS servers. It can also be used to verify that DNS records used specifically for Active Directory replication are correct.
Q117. Your company has a main office and a branch office. The main office contains two domain controllers.
You create an Active Directory site named BranchOfficeSite.
You deploy a domain controller in the branch office, and then add the domain controller to the BranchOfficeSite site.
You discover that users in the branch office are randomly authenticated by either the domain controller in the branch office or the domain controllers in the main office.
You need to ensure that the users in the branch office always attempt to authenticate to the domain controller in the branch office first.
What should you do?
A. Create organizational units (OUs).
B. Create Active Directory subnet objects.
C. Modify the slow link detection threshold.
D. Modify the Location attribute of the computer objects.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc754697.aspx
Understanding Sites, Subnets, and Site Links
Sites overview
Sites in AD DS represent the physical structure, or topology, of your network. AD DS uses network topology information, which is stored in the directory as site, subnet, and site link objects, to build the most efficient replication topology. The replication topology itself consists of the set of connection objects that enable inbound replication from a source domain controller to the destination domain controller that stores the connection object. The Knowledge Consistency Checker (KCC) creates these connection objects automatically on each domain controller.
Associating sites and subnets
A subnet object in AD DS groups neighboring computers in much the same way that postal codes group neighboring postal addresses. By associating a site with one or more subnets, you assign a set of IP addresses to the site.
Note: The term "subnet" in AD DS does not have the strict networking definition of the set of all addresses behind a single router. The only requirement for an AD DS subnet is that the address prefix conforms to the IP version 4 (IPv4) or IP version 6 (IPv6) format.
When you add the Active Directory Domain Services server role to create the first domain controller in a forest, a default site (Default-First-Site-Name) is created in AD DS. As long as this site is the only site in the directory, all domain controllers that you add to the forest are assigned to this site. However, if your forest will have multiple sites, you must create subnets that assign IP addresses to Default-First-Site-Name as well as to all additional sites.
Locating domain controllers by site
Domain controllers register service (SRV) resource records in Domain Name System (DNS) that identify their site names. Domain controllers also register host (A) resource records in DNS that identify their IP addresses. When a client requests a domain controller, it provides its site name to DNS. DNS uses the site name to locate a domain controller in that site (or in the next closest site to the client). DNS then provides the IP address of the domain controller to the client for the purpose of connecting to the domain controller. For this reason, it is important to ensure that the IP address that you assign to a domain controller maps to a subnet that is associated with the site of the respective server object. Otherwise, when a client requests a domain controller, the IP address that is returned might be the IP address of a domain controller in a distant site. When a client connects to a distant site, the result can be slow performance and unnecessary traffic on expensive WAN links.
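The subnet-to-site mapping described above, as an added example that is not part of the original page or of Microsoft's documentation. It is a simplified model of site-based domain controller selection: the site names BranchOfficeSite and Default-First-Site-Name come from the page, while the prefixes, domain controller names and addresses are constructed sample data.

```python
import ipaddress

# Constructed sample data. BranchOfficeSite and Default-First-Site-Name appear
# on the page; the prefixes, DC names and addresses are assumptions.
SUBNETS_BEFORE = {"10.1.0.0/16": "Default-First-Site-Name"}
SUBNETS_AFTER = {**SUBNETS_BEFORE, "10.2.20.0/24": "BranchOfficeSite"}
DOMAIN_CONTROLLERS = [
    ("MAIN-DC1", "10.1.0.10", "Default-First-Site-Name"),
    ("MAIN-DC2", "10.1.0.11", "Default-First-Site-Name"),
    ("BRANCH-DC1", "10.2.20.5", "BranchOfficeSite"),
]


def site_for_address(address, subnets):
    """Return the site of the most specific subnet containing address, or None."""
    ip = ipaddress.ip_address(address)
    best_net, best_site = None, None
    for prefix, site in subnets.items():
        net = ipaddress.ip_network(prefix)
        if ip.version != net.version or ip not in net:
            continue
        # The longest matching prefix wins, so a /24 overrides a covering /16.
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_site = net, site
    return best_site


def candidate_dcs(client_address, subnets, dcs):
    """Names of the DCs a client would try first (simplified model).

    A client whose address maps to a site prefers the DCs in that site. A
    client with no matching subnet has no site, so every DC is a candidate.
    """
    site = site_for_address(client_address, subnets)
    in_site = [name for name, _, dc_site in dcs if dc_site == site]
    return in_site if in_site else [name for name, _, _ in dcs]


def misplaced_dcs(subnets, dcs):
    """DCs whose own IP does not map to the site of their server object."""
    return [name for name, ip, dc_site in dcs
            if site_for_address(ip, subnets) != dc_site]


if __name__ == "__main__":
    client = "10.2.20.57"  # constructed branch-office client address
    print("before:", candidate_dcs(client, SUBNETS_BEFORE, DOMAIN_CONTROLLERS))
    print("after: ", candidate_dcs(client, SUBNETS_AFTER, DOMAIN_CONTROLLERS))
    print("misplaced before:", misplaced_dcs(SUBNETS_BEFORE, DOMAIN_CONTROLLERS))
```

Without a subnet object for the branch prefix, the branch client maps to no site and all three domain controllers are equal candidates; once the subnet is associated with BranchOfficeSite, only the branch domain controller is returned.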
Q118. Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers.
The servers are configured as shown in the following table.
You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Configure the policy module settings.
B. Configure the issuance requirements for the certificate templates.
C. Configure the Certificate Services Client - Certificate Enrollment Policy Group Policy setting.
D. Configure the delegation settings for the Certificate Enrollment Web Service application pool account.
Answer: B,D
Explanation: Explanation 1:
http://technet.microsoft.com/en-us/library/dd759245.aspx
The Certificate Enrollment Web Service can process enrollment requests for new certificates and for certificate renewal. In both cases, the client computer submits the request to the Web service and the Web service submits the request to the certification authority (CA) on behalf of the client computer. For this reason, the Web service account must be trusted for delegation in order to present the client identity to the CA.
Explanation 2: http://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx
Delegation is required for the Certificate Enrollment Web Service account when all of the following are true:
The CA is not on the same computer as the Certificate Enrollment Web Service
Certificate Enrollment Web Service needs to be able to process initial enrollment requests, as opposed to only processing certificate renewal requests
The authentication type is set to Windows Integrated Authentication or Client certificate authentication
Q119. Your network consists of an Active Directory forest named contoso.com. All servers run Windows Server 2008 R2. All domain controllers are configured as DNS servers. The contoso.com DNS zone is stored in the ForestDnsZones Active Directory application partition.
You have a member server that contains a standard primary DNS zone for dev.contoso.com.
You need to ensure that all domain controllers can resolve names for dev.contoso.com.
What should you do?
A. Modify the properties of the SOA record in the contoso.com zone.
B. Create a NS record in the contoso.com zone.
C. Create a delegation in the contoso.com zone.
D. Create a standard secondary zone on a Global Catalog server.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc771640.aspx
Understanding Zone Delegation
Domain Name System (DNS) provides the option of dividing up the namespace into one or
more zones, which can then be stored, distributed, and replicated to other DNS servers.
When you are deciding whether to divide your DNS namespace to make additional zones,
consider the following reasons to use additional zones:
You want to delegate management of part of your DNS namespace to another location or
department in your organization.
You want to divide one large zone into smaller zones to distribute traffic loads among
multiple servers, improve DNS name resolution performance, or create a more-fault-tolerant DNS environment.
You want to extend the namespace by adding numerous subdomains at once, for example,
to accommodate the opening of a new branch or site.
When you delegate zones within your namespace, remember that for each new zone that
you create, you need delegation records in other zones that point to the authoritative DNS
servers for the new zone. This is necessary both to transfer authority and to provide correct
referral to other DNS servers and clients of the new servers that are being made
authoritative for the new zone.
Example: Delegating a subdomain to a new zone
As shown in the following illustration, when a new zone for a subdomain (example.microsoft.com) is created, delegation from the parent zone (microsoft.com) is needed.
Q120. Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has Active Directory Federation Services (AD FS) 2.0 installed.
Server1 is a member of an AD FS farm. The AD FS farm is configured to use a configuration database that is stored on a separate Microsoft SQL Server.
You install AD FS 2.0 on Server2.
You need to add Server2 to the existing AD FS farm.
What should you do?
A. On Server1, run fsconfig.exe.
B. On Server1, run fsconfigwizard.exe.
C. On Server2, run fsconfig.exe.
D. On Server2, run fsconfigwizard.exe.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/adfs2-help-how-to-configure-a-new-federation-server.aspx
Configure a New Federation Server
To configure a new federation server using the command line
1. Open a Command Prompt window.
2. Change the directory to the path where AD FS 2.0 was installed.
3. To configure this computer as a federation server, type the applicable syntax using either of the following command parameters, and then press ENTER:
fsconfig.exe {StandAlone|CreateFarm|CreateSQLFarm|JoinFarm|JoinSQLFarm} [deployment specific parameters]
Parameter: JoinSQLFarm
Joins this computer to an existing federation server farm that is using SQL Server.