Advanced Guide: free mcitp 70-640 practice test

70-640 Exam

Advanced Guide: free mcitp 70-640 practice test

To make your own Microsoft 70-640 audit expertise and expertise to a attractive issue, you will want to implement 70-640 education. Considerable chunks of money of the time and funds get into 70-640 program education. As they are so with a lot of among us, confined spending plan and zero cost time is not going to shall we enroll in Microsoft 70-640 audit school room education. Consequently, the majority of the 70-640 job hopefuls tend to be picking 70-640 review books together with other 70-640 home discovering means. Together with Microsoft 70-640 e-learning products and solutions for example practice test, questions, 70-640 review books, etcetera. possess proved their selves not that will bad of a work.

2021 Nov mcitp 70-640 practice test:

Q11. Your network contains an Active Directory domain. The domain contains four domain

controllers.

You modify the Active Directory schema.

You need to verify that all the domain controllers received the schema modification.

Which command should you run?

A. dcdiag.exe /a

B. netdom.exe query fsmo

C. repadmin.exe /showrepl *

D. sc.exe query ntds

Answer: C

Explanation:

http://blogs.technet.com/b/askds/archive/2009/07/01/getting-over-replmon.aspx Getting Over Replmon

Status Checking Replmon had the option to generate a status report text file. It could tell

you which servers were configured to replicate with each other, if they had any errors, and

so on. It was pretty useful actually, and one of the main reasons people liked the tool.

Repadmin.exe offers similar functionality within a few of its command line options. For

example, we can get a summary report:

Repadmin /replsummary *

C:\Documents and Settings\usernwz1\Desktop\1.PNG

Several DCs have been taken offline. Repadmin shows the correct error of 58 – that the

other DCs are not available and cannot tell you their status.

You can also use more verbose commands with Repadmin to see details about which DCs

are or are not replicating:

Repadmin /showrepl *

C:\Documents and Settings\usernwz1\Desktop\1.PNG

Q12. Your network contains an Active Directory domain. The domain contains a member server named Server1 that runs Windows Server 2008 R2.

You need to configure Server1 as a global catalog server.

What should you do?

A. Modify the Active Directory schema.

B. From Ntdsutil, use the Roles option.

C. Run the Active Directory Domain Services Installation Wizard on Server1.

D. Move the Server1 computer object to the Domain Controllers organizational unit (OU).

Answer: C

Explanation:

Now it's just a member server, so you'll have to run dcpromo to start the Active Directory Domain Services Installation Wizard in order to promote the server to a domain controller. Only a domain controller can be a global catalog server.

Explanation:

http://technet.microsoft.com/en-us/library/cc728188.aspx

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication.

Q13. Your network contains a single Active Directory domain.

You need to create an Active Directory Domain Services snapshot.

What should you do?

A. Use the Ldp tool.

B. Use the NTDSUtil tool.

C. Use the Wbadmin tool.

D. From Windows Server Backup, perform a full backup.

Answer: B

Explanation: http://technet.microsoft.com/en-us/library/cc753609.aspx To create an AD DS or AD LDS snapshot

1. Log on to a domain controller as a member of the Enterprise Admins groups or the Domain Admins group.

2. Click Start, right-click Command Prompt, and then click Run as administrator.

3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

4. At the elevated command prompt, type the following command, and then press ENTER: ntdsutil

5. At the ntdsutil prompt, type the following command, and then press ENTER: snapshot

6. At the snapshot prompt, type the following command, and then press ENTER: activate instance ntds

7. At the snapshot prompt, type the following command, and then press ENTER: create

Q14. You have a Windows PowerShell script that contains the following code:

import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true -AccountPassword $_. password}

When you run the script, you receive an error message indicating that the format of the password is incorrect.The script fails.

You need to run a script that successfully creates the user accounts by using the password contained in accounts.csv.

Which script should you run?

A. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword(ConvertTo-SecureString "Password" -AsPlainText -force)}

B. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword(ConvertTo-SecureString $_.Password -AsPlainText -force)}

C. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true -AccountPassword(Read-Host -AsSecureString "Password")}

D. import-csv Accounts.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true – AccountPassword(Read-Host -AsSecureString $_.Password)}

Answer: B

Explanation:

import-csv Accounts.csv | Foreach { New-ADUser -Name $_.Name -Enabled $true - AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force)} Personal comment: import comma separated values file (most probably containing a column for Name and one for Password) for each line of values create a new AD user with the name contained in the Name column enable the account and set the password with the value contained in the Password column; import the password from plain text as a secure string and ignore warnings/errors http://technet.microsoft.com/en-us/library/hh849818.aspx ConvertTo-SecureString

Parameters -AsPlainText Specifies a plain text string to convert to a secure string. The secure string cmdlets help protect confidential text. The text is encrypted for privacy and is deleted from computer memory after it is used. If you use this parameter to provide plain text as input, the system cannot protect that input in this manner. To use this parameter, you must also specify the Force parameter. -Force Confirms that you understand the implications of using the AsPlainText parameter and still want to use it.

Q15. Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table.

All client computers run Windows 7.

You need to ensure that all client computers in the domain keep the same time as an external time server.

What should you do?

A. From DC1, run the time command.

B. From DC2, run the time command.

C. From DC1, run the w32tm.exe command.

D. From DC2, run the w32tm.exe command.

Answer: D

Explanation:

Explanation 1: http://technet.microsoft.com/en-us/library/cc816748.aspx

Change the Windows Time Service Configuration on the PDC Emulator in the Forest Root Domain The domain controller in the forest root domain that holds the primary domain controller (PDC) emulator operations master (also known as flexible single master operations or FSMO) role is the default time source for the domain hierarchy of time sources in the forest. Explanation 2: http://technet.microsoft.com/en-us/library/cc773263.aspx Windows Time Service Tools and Settings Most domain member computers have a time client type of NT5DS, which means that they synchronize time from the domain hierarchy. The only typical exception to this is the domain controller that functions as the primary domain controller (PDC) emulator operations master of the forest root domain, which is usually configured to synchronize time with an external time source.

W32tm.exe is used to configure Windows Time service settings. It can also be used to diagnose problems with the time service. W32tm.exe is the preferred command line tool for configuring, monitoring, or troubleshooting the Windows Time service.

Abreast of the times mcts 70-640:

Q16. Your company has a branch office that is configured as a separate Active Directory site and has an Active Directory domain controller.

The Active Directory site requires a local Global Catalog server to support a new application.

You need to configure the domain controller as a Global Catalog server.

Which tool should you use?

A. The Server Manager console

B. The Active Directory Sites and Services console

C. The Dcpromo.exe utility

D. The Computer Management console

E. The Active Directory Domains and Trusts console

Answer: B

Explanation:

Answer: The Active Directory Sites and Services console

http://technet.microsoft.com/en-us/library/cc781329%28v=ws.10%29.aspx

Configure a domain controller as a global catalog server

To configure a domain controller as a global catalog server

1. Open Active Directory Sites and Services.

Further information:

http://technet.microsoft.com/en-us/library/cc728188%28v=ws.10%29.aspx

What Is the Global Catalog?

In addition to configuration and schema directory partition replicas, every domain controller in a forest stores a full, writable replica of a single domain directory partition. Therefore, a domain controller can locate only the objects in its domain. Locating an object in a different domain would require the user or application to provide the domain of the requested object. The global catalog provides the ability to locate objects from any domain without having to know the domain name. A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest. The additional domain directory partitions are partial because only a limited set of attributes is included for each object. By including only the attributes that are most used for searching, every object in every domain in even the largest forest can be represented in the database of a single global catalog server. Note: A global catalog server can also store a full, writable replica of an application directory partition, but objects in application directory partitions are not replicated to the global catalog as partial, read-only directory partitions.

The global catalog is built and updated automatically by the AD DS replication system. The attributes that are replicated to the global catalog are identified in the schema as the partial attribute set (PAS) and are defined by default by Microsoft. However, to optimize searching, you can edit the schema by adding or removing attributes that are stored in the global catalog.

In Windows 2000 Server environments, any change to the PAS results in full synchronization (update of all attributes) of the global catalog. Later versions of Windows Server reduce the impact of updating the global catalog by replicating only the attributes that change.

In a single-domain forest, a global catalog server stores a full, writable replica of the domain and does not store any partial replica. A global catalog server in a single-domain forest functions in the same manner as a nonglobal-catalog server except for the processing of forest-wide searches.

Q17. Your network contains an Active Directory domain named contoso.com.

You plan to deploy a child domain named sales.contoso.com.

The domain controllers in sales.contoso.com will be DNS servers for sales.contoso.com.

You need to ensure that users in contoso.com can connect to servers in sales.contoso.com by using fully qualified domain names (FQDNs).

What should you do?

A. Create a DNS forwarder.

B. Create a DNS delegation.

C. Configure root hint servers.

D. Configure an alternate DNS server on all client computers.

Answer: B

Explanation:

http://technet.microsoft.com/en-us/library/cc784494%28v=ws.10%29.aspx Delegating zones DNS provides the option of dividing up the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers. When deciding whether to divide your DNS namespace to make additional zones, consider the following reasons to use additional zones: A need to delegate management of part of your DNS namespace to another location or department within your organization. A need to divide one large zone into smaller zones for distributing traffic loads among multiple servers, improve DNS name resolution performance, or create a more fault-tolerant DNS environment. A need to extend the namespace by adding numerous subdomains at once, such as to accommodate the opening of a new branch or site. If, for any of these reasons, you could benefit from delegating zones, it might make sense to restructure your namespace by adding additional zones. When choosing how to structure zones, you should use a plan that reflects the structure of your organization. When delegating zones within your namespace, be aware that for each new zone you create, you will need delegation records in other zones that point to the authoritative DNS servers for the new zone. This is necessary both to transfer authority and to provide correct referral to other DNS servers and clients of the new servers being made authoritative for the new zone. When a standard primary zone is first created, it is stored as a text file containing all resource record information on a single DNS server. This server acts as the primary master for the zone. Zone information can be replicated to other DNS servers to improve fault tolerance and server performance. When structuring your zones, there are several good reasons to use additional DNS servers for zone replication:

1. Added DNS servers provide zone redundancy, enabling DNS names in the zone to be resolved for clients if a primary server for the zone stops responding.

2. Added DNS servers can be placed so as to reduce DNS network traffic. For example, adding a DNS server to the opposing side of a low-speed WAN link can be useful in managing and reducing network traffic.

3. Additional secondary servers can be used to reduce loads on a primary server for a zone. Example: Delegating a subdomain to a new zone As shown in the following figure, when a new zone for a subdomain (example.microsoft.com) is created, delegation from the parent zone (microsoft.com) is needed.

In this example, an authoritative DNS server computer for the newly delegated example.microsoft.com subdomain is named based on a derivative subdomain included in the new zone (ns1.us.example.microsoft.com). To make this server known to others outside of the new delegated zone, two RRs are needed in the microsoft.com zone to complete delegation to the new zone. These RRs include: An NS RR to effect the delegation. This RR is used to advertise that the server named ns1.us.example.microsoft.com is an authoritative server for the delegated subdomain. An A RR (also known as a glue record) is needed to resolve the name of the server specified in the NS RR to its IP address. The process of resolving the host name in this RR to the delegated DNS server in the NS RR is sometimes referred to as glue chasing. Note When zone delegations are correctly configured, normal zone referral behavior can sometimes be circumvented if you are using forwarders in your DNS server configuration.

Q18. Your company purchases a new application to deploy on 200 computers. The application requires that you modify the registry on each target computer before you install the application.

The registry modifications are in a file that has an .adm extension.

You need to prepare the target computers for the application.

What should you do?

A. Import the .adm file into a new Group Policy Object (GPO). Edit the GPO and link it to an organizational unit that contains the target computers.

B. Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRUsr CONTAINER-DN command on each target computer.

C. Create a Microsoft Windows PowerShell script to copy the .adm file to the startup folder of each target computer.

D. Create a Microsoft Windows PowerShell script to copy the .adm file to each computer. Run the REDIRCmp CONTAINER-DN command on each target computer.

Answer: A

Explanation:

http://www.petri.co.il/adding_new_administrative_templates_to_gpo.htm Adding New Administrative Templates to a GPO Adding .ADM files to the Administrative Templates in a GPO In order to add additional .ADM files to the existing Administrative Templates section in GPO please follow the next steps:

1. Open the Group Policy Management Console (or GPMC) from the Administrative Tools folder in the Stat menu, or by typing gpmc.msc in the Run command.

2. Right-click an existing GPO (or create an new GPO, then right-click on it) and select Edit.

Q19. Your network contains an Active Directory forest. The forest contains one domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2.

DC1 was installed before DC2.

DC1 fails.

You need to ensure that you can add 1,000 new user accounts to the domain.

What should you do?

A. Modify the permissions of the DC2 computer account.

B. Seize the schema master FSMO role.

C. Configure DC2 as a global catalog server.

D. Seize the RID master FSMO role.

Answer: D

Explanation:

MS Press - Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) pages 536-537

RID master failure

A failed RID master eventually prevents domain controllers from creating new SIDs and, therefore, prevents you from creating new accounts for users, groups, or computers. However, domain controllers receive a sizable pool of RIDs from the RID master, so unless you are generating numerous new accounts, you can often go for some time without the RID master online while it is being repaired. Seizing this role to another domain controller is a significant action. After the RID master role has been seized, the domain controller that had been performing the role cannot be brought back online.

Q20. Your network contains an Active Directory forest named contoso.com.

You plan to add a new domain named nwtraders.com to the forest.

All DNS servers are domain controllers.

You need to ensure that the computers in nwtraders.com can update their Host (A) records on any of the DNS servers in the forest.

What should you do?

A. Add the computer accounts of all the domain controllers to the DnsAdmins group.

B. Add the computer accounts of all the domain controllers to the DnsUpdateProxy group.

C. Create a standard primary zone on a domain controller in the forest root domain.

D. Create an Active Directory-integrated zone on a domain controller in the forest root domain.

Answer: D