Downloadable Exam Engine for 70-640. All key details for the exam are included in the 70-640 training materials at Pass4sure. You can download the Microsoft simulated tests for free. The professional writers at Pass4sure ensure that the 70-640 practice questions in the training materials are relevant and accurate. We provide the Microsoft questions and answers in PDF format. They are reputable and current Microsoft tests.
Q51. An Active Directory database is installed on the C volume of a domain controller.
You need to move the Active Directory database to a new volume.
What should you do?
A. Copy the ntds.dit file to the new volume by using the ROBOCOPY command.
B. Move the ntds.dit file to the new volume by using Windows Explorer.
C. Move the ntds.dit file to the new volume by running the Move-item command in Microsoft Windows PowerShell.
D. Move the ntds.dit file to the new volume by using the Files option in the Ntdsutil utility.
Answer: D
Explanation:
Answer: Move the ntds.dit file to the new volume by using the Files option in the Ntdsutil utility.
http://technet.microsoft.com/en-us/library/cc816720%28v=ws.10%29.aspx
Move the Directory Database and Log Files to a Local Drive
You can use this procedure to move Active Directory database and log files to a local drive. When you move the files to a folder on the local domain controller, you can move them permanently or temporarily. Move the files to a temporary destination if you need to reformat the original location, or move the files to a permanent location if you have additional disk space. If you reformat the original drive, use the same procedure to move the files back after the reformat is complete.
Ntdsutil.exe updates the registry when you move files locally. Even if you are moving the files only temporarily, use Ntdsutil.exe so that the registry is always current.
On a domain controller that is running Windows Server 2008, you do not have to restart the domain controller in Directory Services Restore Mode (DSRM) to move database files. You can stop the Active Directory Domain Services (AD DS) service and then restart the service after you move the files to their permanent location.
To move the directory database and log files to a local drive:
7. At the ntdsutil prompt, type files, and then press ENTER.
8. To move the database file, at the file maintenance: prompt, use the following commands:
Further information:
http://servergeeks.wordpress.com/2013/01/01/moving-active-directory-database-and-logs/
Moving Active Directory Database and Logs
Step 1
Start the server in Directory Services Restore Mode
Windows Server 2003/2008 Directory Service opens its files in exclusive mode. This
means that the files cannot be managed while the server is operating as a domain
controller. To perform any files movement related activities using ntdsutil, we need to start
the server in Directory Services Restore Mode.
To start the server in Directory Services Restore mode, follow these steps:
Restart the computer.
After the BIOS information is displayed, press F8.
Use the DOWN ARROW to select Directory Services Restore Mode, and then press
ENTER.
Log on with your local administrative account and password. (Not Domain Administrative account)
Note: using Service Control (SC.exe), you can quickly verify whether the ntds service is running or stopped. At a command prompt, type SC query ntds
Step 2
How to Move Active Directory Database and Logs
You can move the Ntds.dit data file to a new folder. If you do so, the registry is updated so that Directory
Service uses the new location when you restart the server.
To move the data file to another folder, follow these steps:
Click Start, click Run, type ntdsutil in the Open box, and then press ENTER.
At the Ntdsutil command prompt, type activate instance ntds, and then press ENTER.
At the Ntdsutil command prompt, type files, and then press ENTER.
At the file maintenance command prompt, type move DB to <new location> (where new location is an existing folder that you have created for this purpose) and then press ENTER.
In this case, the new location for the database is C:\AD\Database.
Now, to move the logs, at the file maintenance command prompt, type move logs to <new location> (where new location is an existing folder that you have created for this purpose) and then press ENTER. In our case, the new location for the logs is C:\AD\Logs
To quit file maintenance, type quit. To quit Ntdsutil, type quit again to close the prompt. Restart the computer. The AD database and logs are now moved to the new location.
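The same move as a script for a Windows Server 2008 domain controller, where AD DS can be stopped as a service instead of booting into DSRM. This is an added example, not taken from the cited articles; the folder paths come from the walkthrough above, and the registry check and the ACL review at the end are additions.

```powershell
# Added example (not from the cited articles). Run elevated on the domain controller.
# Destination folders are the ones used in the walkthrough above.
$dbDir  = 'C:\AD\Database'
$logDir = 'C:\AD\Logs'
$regKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

# ntdsutil expects the destination folders to exist before the move.
foreach ($dir in $dbDir, $logDir) {
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
}

# Record the current locations so the result can be compared afterwards.
$before = Get-ItemProperty -Path $regKey
Write-Output "Database before: $($before.'DSA Database file')"
Write-Output "Logs before    : $($before.'Database log files path')"

# AD DS opens its files exclusively, so stop the service first.
# -Force also stops dependent services; remember which ones were running.
$dependents = Get-Service -Name NTDS -DependentServices |
    Where-Object { $_.Status -eq 'Running' }
Stop-Service -Name NTDS -Force

try {
    # Each argument is one line you would type at the interactive prompts.
    & ntdsutil "activate instance ntds" files "move db to $dbDir" "move logs to $logDir" quit quit
    # Check the moved database before bringing the directory back online.
    & ntdsutil "activate instance ntds" files integrity quit quit
}
finally {
    Start-Service -Name NTDS
    if ($dependents) { $dependents | Start-Service }
}

# ntdsutil updates the registry; confirm it now points at the new folders.
$after      = Get-ItemProperty -Path $regKey
$expectedDb = Join-Path $dbDir 'ntds.dit'
if ($after.'DSA Database file' -ne $expectedDb -or
    $after.'Database log files path' -ne $logDir -or
    -not (Test-Path $expectedDb)) {
    Write-Warning 'Registry or file location does not match the target; review the ntdsutil output.'
}

# ntds.dit holds the credential data for every account in the domain.
# List who can access the new folders so inherited entries can be reviewed.
foreach ($dir in $dbDir, $logDir) {
    (Get-Acl -Path $dir).Access |
        Select-Object @{n='Folder';e={$dir}}, IdentityReference, FileSystemRights, IsInherited
}
```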
Q52. Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7.
You need to forward the logon events of all the domain controllers in contoso.com to Computer1.
All new domain controllers must be dynamically added to the subscription.
What should you do?
A. From Computer1, configure source-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
B. From Computer1, configure collector-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
C. From Computer1, configure source-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).
D. From Computer1, configure collector-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).
Answer: A
Explanation:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973(v=vs.85).aspx
Setting up a Source Initiated Subscription
Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector initiated subscription because in the collector initiated subscription model, the event collector must define all the event sources in the event subscription.
Q53. Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2. Client computers run either Windows XP Service Pack 3 (SP3) or Windows Vista.
You need to ensure that all client computers can apply Group Policy preferences.
What should you do?
A. Upgrade all Windows XP client computers to Windows 7.
B. Create a central store that contains the Group Policy ADMX files.
C. Install the Group Policy client-side extensions (CSEs) on all client computers.
D. Upgrade all Windows Vista client computers to Windows Vista Service Pack 2 (SP2).
Answer: C
Explanation:
http://www.microsoft.com/en-us/download/details.aspx?id=3628
Group Policy Preference Client Side Extensions for Windows XP (KB943729)
Multiple Group Policy Preferences have been added to the Windows Server 2008 Group Policy Management Console (which are also available through the Remote Server Administration Toolset (RSAT) for Windows Vista SP1). Group Policy Preferences enable information technology professionals to configure, deploy, and manage operating system and application settings they previously were not able to manage using Group Policy. After you install this update, your computer will be able to process the new Group Policy Preference extensions.
http://www.petenetlive.com/KB/Article/0000389.htm
Server 2008 Group Policy Preferences and Client Side Extensions
Problem
Group Policy Preferences (GPP) first came in with Server 2008 and were enhanced for Server 2008 R2. To be able to apply them to older Windows clients, you need to install the "Client side Extensions" (CSE). You can either script this, deploy with a group policy, or if you have WSUS you can send out the update that way.
Solution
You may not have noticed, but if you edit or create a group policy in Server 2008 now, you will see there is a "Preferences" branch. Most IT Pro's will have seen the addition of the "Policies" folder some time ago because it adds an extra level to get to the policies that were there before :)
OK Cool! What can you do with them?
1. Computer Preferences: Windows Settings
Environment: Lets you control, and send out Environment variables via Group Policy.
Files: Allows you to copy, modify the attributes, replace or delete a file (for folders see the
next section).
Folder: As above, but for folders.
Ini Files: Allows you to Create, Replace, Update or Delete an ini file.
Registry: Allows you to Create, Replace, Update or Delete a Registry value. You can either
manually type in the reference, use a Wizard, or extract the key(s) values you want to send
them out via group policy.
Network Shares: Allow you to Create, Replace, Update, or Delete shares on clients via
group policy.
Shortcuts: Allows you to Create, Replace, Update, or Delete shortcuts on clients via group
policy.
2. Computer Preferences: Control Panel Settings
Data Sources: Allows you to Create, Replace, Update, or Delete, Data Sources and ODBC
settings via group policy. (Note: there's a bug if you're using SQL authentication, see here).
Devices: Lets you enable and disable hardware devices by type and class, to be honest it's
a little "clunky".
Folder Options: Allows you to set "File Associations" and set the default programs that will
open particular file extensions.
Local Users and Groups: Lets you Create, Replace, Update, or Delete either local users
OR local groups.
Handy if you want to create an additional admin account, or reset all the local
administrators passwords via group policy.
Network Options: Lets you send out VPN and dial up connection settings to your clients,
handy if you use PPTP Windows Server VPN's.
Power Options: With XP these are Power Options and Power Schemes, With Vista and
later OS's they are Power Plans. This is much needed, I've seen many "Is there a group
policy for power options?" or disabling hibernation questions in forums. And you can use
the options Tab, to target particular machine types (i.e. only apply if there is a battery
present).
Printers: Lets you install printers (local or TCP/IP), handy if you want all the machines in
accounts to have the accounts printer.
Scheduled Tasks: Lets you create a scheduled task or an immediate task (Vista or Later),
this could be handy to deploy a patch or some virus/malware removal process.
Service: Essentially anything you can do in the services snap in you can push out through
group policy, set services to disabled or change the logon credentials used for a service. In
addition you can set the recovery option should a service fail.
3. User Configuration: Windows Settings
Applications: Answers on a Postcard? I can't work out what these are for!
Drive Mappings: Traditionally done by login script or from the user object, but use this and
you can assign mapped drives on a user/group basis.
Environment: As above lets you control and send out Environment variables via Group
Policy, but on a user basis.
Files: As above. allows you to copy, modify the attributes, replace or delete a file (for
folders see the next section), but on a user basis.
Folders: As above, but for folders on a user by user basis.
Ini Files: As above, allows you to Create, Replace, Update or Delete an ini file, on a user by
user basis.
Registry: As above, allows you to Create, Replace, Update or Delete a Registry value. You
can either manually type in the reference, use a Wizard, or extract the key(s) values you
want to send out via group policy, this time for users not computers.
Shortcuts: As Above, allows you to Create, Replace, Update, or Delete shortcuts on clients
via group policy for users.
4. User Configuration: Control Panel Settings
All of the following options are covered above on "Computer Configuration"
Data Sources
Devices
Folder Options
Local Users and Groups
Network Options
Power Options
Printers
Scheduled Tasks
Internet Settings: Using this Group Policy you can specify Internet Explorer settings/options on a user by user basis.
Regional Options: Designed so you can change a users Locale, handy if you have one user who wants an American keyboard.
Start Menu: Provides the same functionality as right clicking your task bar > properties > Start Menu > Customise, only set user by user.
Explanations: http://technet.microsoft.com/en-us/library/dd367850%28WS.10%29.aspx
Group Policy Preferences
Q54. ABC.com has a software evaluation lab. There is a server in the evaluation lab named CKT. CKT runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. CKT has 200 virtual servers running on an isolated virtual segment to evaluate software. To connect to the internet, it uses a physical network interface card.
ABC.com requires every server in the company to access the Internet. ABC.com security policy dictates that the IP address space used by the software evaluation lab must not be used by other networks. Similarly, it states that the IP address space used by other networks should not be used by the evaluation lab network.
As an administrator, you find that the applications tested in the software evaluation lab need to access the normal network to connect to the vendors' update servers on the internet.
You need to configure all virtual servers on the CKT server to access the internet. You also need to comply with company's security policy.
Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution)
A. Trigger the Virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server
B. On CKT's physical network interface, activate the Internet Connection Sharing (ICS)
C. Use ABC.com intranet IP addresses on all virtual servers on CKT.
D. Add and install a Microsoft Loopback Adapter network interface on CKT. Use a new network interface and create a new virtual network.
E. None of the above
Answer: A,D
Explanation:
http://class10e.com/Microsoft/which-two-actions-should-you-perform-to-achieve-this-task-choose-two-answers/
To configure all virtual servers on the CKT server to access the internet and comply with the company's security policy, you should trigger the virtual DHCP server for the external virtual network and run the ipconfig/renew command on each virtual server. Then add and install a Microsoft Loopback Adapter network interface on CKT. Create a virtual network using the new interface.
When you configure the Virtual DHCP server for the external virtual network, a set of IP addresses is assigned to the virtual servers on the CKT server. By running the ipconfig/renew command, the new IP addresses will be renewed. The Microsoft Loopback Adapter network interface will ensure that the IP address space used by other networks is not used by the virtual servers on the CKT server. You create a new virtual network on the new network interface, which will enable you to access the internet.
Q55. Your company has an Active Directory domain that has an organizational unit named Sales. The Sales organizational unit contains two global security groups named sales managers and sales executives.
You need to apply desktop restrictions to the sales executives group.
You must not apply these desktop restrictions to the sales managers group.
You create a GPO named DesktopLockdown and link it to the Sales organizational unit.
What should you do next?
A. Configure the Deny Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
B. Configure the Deny Apply Group Policy permission for the sales executives on the DesktopLockdown GPO.
C. Configure the Allow Apply Group Policy permission for Authenticated Users on the DesktopLockdown GPO.
D. Configure the Deny Apply Group Policy permission for the sales managers on the DesktopLockdown GPO.
Answer: D
Explanation:
http://support.microsoft.com/kb/816100
How to prevent domain Group Policies from applying to certain user or computer accounts
Typically, if you want Group Policy to apply only to specific accounts (either user accounts, computer accounts, or both), you can put the accounts in an organizational unit, and then apply Group Policy at that organizational unit level. However, there may be situations where you want to apply Group Policy to a whole domain, although you may not want those policy settings to also apply to administrator accounts or to other specific users or groups.
http://www.grouppolicy.biz/2010/05/how-to-exclude-individual-users-or-computers-from-a-group-policy-object/
Best Practice: How to exclude individual users or computers from a Group Policy Object
One of the common questions I see on the forums from time to time is how to exclude a user and/or a computer from having a Group Policy Object (GPO) applied. This is a relatively straightforward process; however, I should stress this should be used sparingly and should always be done via group membership to avoid the administrative overhead of having to constantly update the security filtering on the GPO.
Step 1. Open the Group Policy Object that you want to apply an exception to, then click on the “Delegation” tab and then click on the “Advanced” button.
Step 2. Click on the “Add” button and select the group (recommended) that you want to exclude from having this policy applied.
Step 3. In this example I am excluding the “Users GPO Exceptions” group for this policy. Select this group in the “Group or user names” list and then scroll down the permission and tick the “Deny” option against the “Apply Group Policy” permission.
Now any members of this “User GPO Exceptions” security group will not have this Group Policy Object applied. Having a security group to control this exception makes it much easier to control, as someone only needs to modify the group membership of the group to make changes to who (or what) gets the policy applied. This makes the delegation of this task to level 1 or level 2 support much more practical as you don’t need to grant them permission to the Group Policy Objects.
Q56. You need to remove the Active Directory Domain Services role from a domain controller named DC1.
What should you do?
A. Run the netdom remove DC1 command.
B. Run the Dcpromo utility. Remove the Active Directory Domain Services role.
C. Run the nltest /remove_server: DC1 command.
D. Reset the Domain Controller computer account by using the Active Directory Users and Computers utility.
Answer: B
Explanation:
Answer: Run the Dcpromo utility. Remove the Active Directory Domain Services role.
http://technet.microsoft.com/en-us/library/cc771844%28v=ws.10%29.aspx
Removing a Domain Controller from a Domain
To remove a domain controller by using the Windows interface
1. Click Start, click Run, type dcpromo, and then press ENTER.
Further information:
http://technet.microsoft.com/en-us/library/cc772217%28v=ws.10%29.aspx
Netdom
Enables administrators to manage Active Directory domains and trust relationships from the command prompt. Netdom is a command-line tool that is built into Windows Server 2008 and Windows Server 2008 R2. It is available if you have the Active Directory Domain Services (AD DS) server role installed. It is also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT).
Commands
Netdom remove: Removes a workstation or server from the domain.
http://technet.microsoft.com/en-us/library/cc731935%28v=ws.10%29.aspx
Nltest
Performs network administrative tasks. Nltest is a command-line tool that is built into Windows Server 2008 and Windows Server 2008 R2. It is available if you have the AD DS or the AD LDS server role installed. It is also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT).
You can use nltest to:
Get a list of domain controllers
Force a remote shutdown
Query the status of trust
Test trust relationships and the state of domain controller replication in a Windows domain
Force a user-account database to synchronize on Windows NT version 4.0 or earlier domain controllers
Personal comment #1: There is no /remove_server switch for the nltest command
Personal comment #2: Resetting the Domain Controller's computer account has nothing to do with this question
Q57. Your company has an Active Directory forest that contains a single domain. The domain member server has an Active Directory Federation Services (AD FS) role installed.
You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain.
What should you do?
A. Add and configure a new account partner.
B. Add and configure a new resource partner.
C. Add and configure a new account store.
D. Add and configure a Claims-aware application.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc732095.aspx
Understanding Account Stores
Active Directory Federation Services (AD FS) uses account stores to log on users and extract security claims for those users. You can configure multiple account stores for a single Federation Service. You can also define their priority. The Federation Service uses Lightweight Directory Access Protocol (LDAP) to communicate with account stores. AD FS supports the following two account stores:
Active Directory Domain Services (AD DS)
Active Directory Lightweight Directory Services (AD LDS)
Q58. You add an Online Responder to an Online Responder Array.
You need to ensure that the new Online Responder resolves synchronization conflicts for all members of the Array.
What should you do?
A. From Network Load Balancing Manager, set the priority ID of the new Online Responder to 1.
B. From Network Load Balancing Manager, set the priority ID of the new Online Responder to 32.
C. From the Online Responder Management Console, select the new Online Responder, and then select Set as Array Controller.
D. From the Online Responder Management Console, select the new Online Responder, and then select Synchronize Members with Array Controller.
Answer: C
Explanation:
Explanation 1: http://technet.microsoft.com/en-us/library/cc770413.aspx
Managing Array members
For each Array, one member is defined as the Array controller; the role of the Array controller is to help resolve synchronization conflicts and to apply updated revocation configuration information to all Array members.
Explanation 2: http://technet.microsoft.com/en-us/library/cc771281.aspx
To designate an Array controller
1. Open the Online Responder snap-in.
2. In the console tree, click Array Configuration Members.
3. Select the Online Responder that you want to designate as the Array controller.
4. In the Actions pane, click Set as Array Controller.
Q59. You need to deploy a read-only domain controller (RODC) that runs Windows Server 2008 R2.
What is the minimal forest functional level that you should use?
A. Windows Server 2008 R2
B. Windows Server 2008
C. Windows Server 2003
D. Windows 2000
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc731243.aspx
Prerequisites for Deploying an RODC
Complete the following prerequisites before you deploy a read-only domain controller (RODC):
Ensure that the forest functional level is Windows Server 2003 or higher, so that linked-value replication (LVR) is available.
Q60. Your company has a main office and a branch office. The branch office contains a read-only domain controller named RODC1.
You need to ensure that a user named Admin1 can install updates on RODC1. The solution must prevent Admin1 from logging on to other domain controllers.
What should you do?
A. Run ntdsutil.exe and use the Roles option.
B. Run dsmgmt.exe and use the Local Roles option.
C. From Active Directory Sites and Services, modify the NTDS Site Settings.
D. From Active Directory Users and Computers, add the user to the Server Operators group.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc732301.aspx
Administrator Role Separation Configuration
This section provides procedures for creating a local administrator role for an RODC and for adding a user to that role.
To configure Administrator Role Separation for an RODC
1. Click Start, click Run, type cmd, and then press ENTER.
2. At the command prompt, type dsmgmt.exe, and then press ENTER.
3. At the DSMGMT prompt, type local roles, and then press ENTER.