Testking offers a free demo for the MCITP 70-640 exam. "TS: Windows Server 2008 Active Directory, Configuring", also known as the MCITP 70-640 exam, is a Microsoft certification. This set of posts, Passing the Microsoft 70-640 exam, will help you answer those questions. The Microsoft 70-640 Questions & Answers cover all the knowledge points of the real exam. 100% real Microsoft 70-640 exams, revised by experts!
Q31. You need to deploy a read-only domain controller (RODC) that runs Windows Server 2008 R2.
What is the minimal forest functional level that you should use?
A. Windows Server 2008 R2
B. Windows Server 2008
C. Windows Server 2003
D. Windows 2000
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc731243.aspx
Prerequisites for Deploying an RODC
Complete the following prerequisites before you deploy a read-only domain controller (RODC):
Ensure that the forest functional level is Windows Server 2003 or higher, so that linked-value replication (LVR) is available.
Q32. Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
You need to capture all replication errors from all domain controllers to a central location.
What should you do?
A. Start the Active Directory Diagnostics data collector set.
B. Start the System Performance data collector set.
C. Install Network Monitor and create a new capture.
D. Configure event log subscriptions.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc748890.aspx
Configure Computers to Forward and Collect Events
Before you can create a subscription to collect events on a computer, you must configure both the collecting computer (collector) and each computer from which events will be collected (source).
http://technet.microsoft.com/en-us/library/cc749183.aspx
Event Subscriptions
Event Viewer enables you to view events on a single remote computer. However, troubleshooting an issue might require you to examine a set of events stored in multiple logs on multiple computers. Windows Vista includes the ability to collect copies of events from multiple remote computers and store them locally. To specify which events to collect, you create an event subscription. Among other details, the subscription specifies exactly which events will be collected and in which log they will be stored locally. Once a subscription is active and events are being collected, you can view and manipulate these forwarded events as you would any other locally stored events. Using the event collecting feature requires that you configure both the forwarding and the collecting computers. The functionality depends on the Windows Remote Management (WinRM) service and the Windows Event Collector (Wecsvc) service. Both of these services must be running on computers participating in the forwarding and collecting process.
http://technet.microsoft.com/en-us/library/cc961808.aspx
Replication Issues
Q33. Your network contains an Active Directory domain named contoso.com.
The properties of the contoso.com DNS zone are configured as shown in the exhibit. (Click the Exhibit button.)
You need to update all service location (SRV) records for a domain controller in the domain.
What should you do?
A. Restart the Netlogon service.
B. Restart the DNS Client service.
C. Run sc.exe and specify the triggerinfo parameter.
D. Run ipconfig.exe and specify the /registerdns parameter.
Answer: A
Explanation:
MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) page 62
The SRV resource records for a domain controller are important in enabling clients to locate the domain controller. The Netlogon service on domain controllers registers this resource record whenever a domain controller is restarted. You can also re-register a domain controller’s SRV resource records by restarting this service from the Services branch of Server Manager or by typing net start netlogon. An exam question might ask you how to troubleshoot the nonregistration of SRV resource records.
Q34. Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA).
On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled.
You need to install an enterprise subordinate CA on the server.
What should you use to log on to the new server?
A. an account that is a member of the Certificate Publishers group in the child domain
B. an account that is a member of the Certificate Publishers group in the forest root domain
C. an account that is a member of the Schema Admins group in the forest root domain
D. an account that is a member of the Enterprise Admins group in the forest root domain
Answer: D
Explanation:
http://social.technet.microsoft.com/Forums/uk/winserversecurity/thread/887f4cec-12f6-4c15-a506-568ddb21d46b
In order to install Enterprise CA you MUST have Enterprise Admins permissions, because the Configuration naming context is replicated between domain controllers in the forest (not only current domain) and is writable for Enterprise Admins (domain admins permissions are insufficient).
Q35. Your network contains an Active Directory domain. The domain contains four domain controllers.
You modify the Active Directory schema.
You need to verify that all the domain controllers received the schema modification.
Which command should you run?
A. dcdiag.exe /a
B. netdom.exe query fsmo
C. repadmin.exe /showrepl *
D. sc.exe query ntds
Answer: C
Explanation:
http://blogs.technet.com/b/askds/archive/2009/07/01/getting-over-replmon.aspx
Getting Over Replmon
Status Checking
Replmon had the option to generate a status report text file. It could tell you which servers were configured to replicate with each other, if they had any errors, and so on. It was pretty useful actually, and one of the main reasons people liked the tool. Repadmin.exe offers similar functionality within a few of its command line options. For example, we can get a summary report:
Repadmin /replsummary *
Several DCs have been taken offline. Repadmin shows the correct error of 58 – that the other DCs are not available and cannot tell you their status.
You can also use more verbose commands with Repadmin to see details about which DCs are or are not replicating:
Repadmin /showrepl *
Q36. Your network contains an Active Directory domain. The domain contains a member server named Server1 that runs Windows Server 2008 R2.
You need to configure Server1 as a global catalog server.
What should you do?
A. Modify the Active Directory schema.
B. From Ntdsutil, use the Roles option.
C. Run the Active Directory Domain Services Installation Wizard on Server1.
D. Move the Server1 computer object to the Domain Controllers organizational unit (OU).
Answer: C
Explanation:
Now it's just a member server, so you'll have to run dcpromo to start the Active Directory Domain Services Installation Wizard in order to promote the server to a domain controller. Only a domain controller can be a global catalog server.
http://technet.microsoft.com/en-us/library/cc728188.aspx
The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication.
Q37. You have an existing Active Directory site named Site1. You create a new Active Directory site and name it Site2.
You need to configure Active Directory replication between Site1 and Site2. You install a new domain controller.
You create the site link between Site1 and Site2.
What should you do next?
A. Use the Active Directory Sites and Services console to assign a new IP subnet to Site2. Move the new domain controller object to Site2.
B. Use the Active Directory Sites and Services console to configure a new site link bridge object.
C. Use the Active Directory Sites and Services console to decrease the site link cost between Site1 and Site2.
D. Use the Active Directory Sites and Services console to configure the new domain controller as a preferred bridgehead server for Site1.
Answer: A
Explanation:
http://www.enterprisenetworkingplanet.com/netsysm/article.php/624411/Intersite-eplication.htm
Inter-site Replication
The process of creating a custom site link has five basic steps:
1. Create the site link.
2. Configure the site link's associated attributes.
3. Create site link bridges.
4. Configure connection objects. (This step is optional.)
5. Designate a preferred bridgehead server. (This step is optional.)
http://technet.microsoft.com/en-us/library/cc759160%28v=ws.10%29.aspx
Replication between sites
Q38. You need to ensure that users who enter three successive invalid passwords within 5 minutes are locked out for 5 minutes.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Set the Minimum password age setting to one day.
B. Set the Maximum password age setting to one day.
C. Set the Account lockout duration setting to 5 minutes.
D. Set the Reset account lockout counter after setting to 5 minutes.
E. Set the Account lockout threshold setting to 3 invalid logon attempts.
F. Set the Enforce password history setting to 3 passwords remembered.
Answer: C,D,E
Q39. Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2.
You perform a full backup of the domain controllers every night by using Windows Server Backup.
You update a script in the SYSVOL folder.
You discover that the new script fails to run properly. You need to restore the previous version of the script in the SYSVOL folder. The solution must minimize the amount of time required to restore the script.
What should you do first?
A. Run the Restore-ADObject cmdlet.
B. Restore the system state to its original location.
C. Restore the system state to an alternate location.
D. Attach the VHD file created by Windows Server Backup.
Answer: D
Explanation:
http://technet.microsoft.com/en-us/magazine/2008.05.adbackup.aspx
Active Directory Backup and Restore in Windows Server 2008
NTBACKUP vs. Windows Server Backup
As an added bonus, Windows Server Backup stores its backup images in Microsoft Virtual Hard Disk (VHD) format. You can actually take a backup image and mount it as a volume in a virtual machine running under Microsoft Virtual Server 2005. You can simply mount the VHDs in a virtual machine and browse for a particular file rather than having to perform test restores of tapes to see which one has the file on it. (A note of caution: you can't take a backup image and boot a virtual machine from it. Since the backed-up hardware configuration doesn't correspond to the virtual machine's configuration, you can't use Windows Server Backup as a physical-to-virtual migration tool.)
Q40. Your company network has an Active Directory forest that has one parent domain and one child domain. The child domain has two domain controllers that run Windows Server 2008. All user accounts from the child domain are migrated to the parent domain. The child domain is scheduled to be decommissioned.
You need to remove the child domain from the Active Directory forest.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Run the Computer Management console to stop the Domain Controller service on both domain controllers in the child domain.
B. Delete the computer accounts for each domain controller in the child domain. Remove the trust relationship between the parent domain and the child domain.
C. Use Server Manager on both domain controllers in the child domain to uninstall the Active Directory domain services role.
D. Run the Dcpromo tool that has individual answer files on each domain controller in the child domain.
Answer: C,D
Explanation:
http://technet.microsoft.com/en-us/library/cc755937%28v=ws.10%29.aspx
Decommissioning a Domain Controller
To complete this task, perform the following procedures:
1. View the current operations master role holders
2. Transfer the schema master
3. Transfer the domain naming master
4. Transfer the domain-level operations master roles
5. Determine whether a domain controller is a global catalog server
6. Verify DNS registration and functionality
7. Verify communication with other domain controllers
8. Verify the availability of the operations masters
9. If the domain controller hosts encrypted documents, perform the following procedure before you remove Active Directory to ensure that the encrypted files can be recovered after Active Directory is removed: Export a certificate with the private key
10. Uninstall Active Directory
11. If the domain controller hosts encrypted documents and you backed up the certificate and private key before you remove Active Directory, perform the following procedure to re-import the certificate to the server: Import a certificate
12. Determine whether a Server object has child objects
13. Delete a Server object from a site
http://technet.microsoft.com/en-us/library/cc737258%28v=ws.10%29.aspx
Uninstall Active Directory
To uninstall Active Directory
1. Click Start, click Run, type dcpromo and then click OK.