70-640 Exam
Resources to cbt nuggets 70-640 free download
Exam Code: 70-640 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: TS: Windows Server 2008 Active Directory. Configuring
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass 70-640 Exam.
2021 Nov trainsignal 70-640:
Q41. You are formulating the backup strategy for Active Directory Lightweight Directory Services (AD LDS) to ensure that data and log files are backed up regularly. This will also ensure the continued availability of data to applications and users in the event of a system failure.
Because you have limited media resources, you decided to backup only specific ADLDS instance instead of taking backup of the entire volume.
What should you do to accomplish this task?
A. Use Windows Server backup utility and enable checkbox to take only backup of database and log files of AD LDS
B. Use Dsdbutil.exe tool to create installation media that corresponds only to the ADLDS instance
C. Move AD LDS database and log files on a separate volume and use windows server backup utility
D. None of the above
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc730941.aspx
Backing up AD LDS instance data with Dsdbutil.exe
With the Dsdbutil.exe tool, you can create installation media that corresponds only to the AD LDS instance that you want to back up, as opposed to backing up entire volumes that contain the AD LDS instance.
Q42. ABC.com has a main office and a branch office. ABC.com's network consists of a single Active Directory forest.
Some of the servers in the network run Windows Server 2008 and the rest run Windows server 2003.
You are the administrator at ABC.com. You have installed Active Directory Domain Services (AD DS) on a computer that runs Windows Server 2008. The branch office is located in a physically insecure place. It has no IT personnel onsite and there are no administrators over there. You need to setup a Read-Only Domain Controller (RODC) on the Server Core installation computer in the branch office.
What should you do to setup RODC on the computer in branch office?
A. Execute an attended installation of AD DS
B. Execute an unattended installation of AD DS
C. Execute RODC through AD DS
D. Execute AD DS by using deploying the image of AD DS
E. none of the above
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc754629.aspx
Install an RODC on a Server Core installation
To install an RODC on a Server Core installation of Windows Server 2008, you must perform an unattended installation of AD DS.
Q43. As an administrator at Company, you have installed an Active Directory forest that has a single domain.
You have installed an Active Directory Federation services (AD FS) on the domain member server.
What should you do to configure AD FS to make sure that AD FS token contains information from the active directory domain?
A. Add a new account store and configure it.
B. Add a new resource partner and configure it
C. Add a new resource store and configure it
D. Add a new administrator account on AD FS and configure it
E. None of the above
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc772309%28v=ws.10%29.aspx Step 3: Installing and Configuring AD FS Now that you have configured the computers that will be used as federation servers, you are ready to install Active Directory Federation Services (AD FS) components on each of the computers. This section includes the following procedures: Install the Federation Service on ADFS-RESOURCE and ADFS-ACCOUNT Configure ADFS-ACCOUNT to work with AD RMS Configure ADFS-RESOURCE to Work with AD RMS
Q44. Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.
You mount an Active Directory snapshot.
You need to ensure that you can query the snapshot by using LDAP.
What should you do?
A. Run the dsamain.exe command.
B. Create custom views from Event Viewer.
C. Run the ntdsutil.exe command.
D. Configure subscriptions from Event Viewer.
E. Run the Get-ADForest cmdlet.
F. Create a Data Collector Set (DCS).
G. Run the eventcreate.exe command.
H. Configure the Active Directory Diagnostics Data Collector Set (DCS).
I. Run the repadmin.exe command.
J. Run the dsquery.exe command.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc753609.aspx The Active Directory database mounting tool (Dsamain.exe) can improve recovery processes for your organization by providing a means to compare data as it exists in snapshots that are taken at different times so that you can better decide which data to restore after data loss. This eliminates the need to restore multiple backups to compare the Active Directory data that they contain. Requirements for using the Active Directory database mounting tool You do not need any additional software to use the Active Directory database mounting tool. All the tools that are required to use this feature are built into Windows Server 2008 and are available if you have the AD DS or the AD LDS server role installed. These tools include the following: Dsamain.exe, which you can use to expose the snapshot data as an LDAP server Existing LDAP tools, such as Ldp.exe and Active Directory Users and Computers
Q45. You network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
You need to reset the Directory Services Restore Mode (DSRM) password on a domain controller.
What tool should you use?
A. Active Directory Users and Computers snap-in
B. ntdsutil
C. Local Users and Groups snap-in
D. dsmod
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc753343%28v=ws.10%29.aspx Ntdsutil Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled. This tool is intended for use by experienced administrators.
Commands set DSRM password - Resets the Directory Services Restore Mode (DSRM) administrator password. Further information: http://technet.microsoft.com/en-us/library/cc754363%28v=ws.10%29.aspx Set DSRM password Resets the Directory Services Restore Mode (DSRM) password on a domain controller. At the Reset DSRM Administrator Password: prompt, type any of the parameters listed under “Syntax.” This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2. Ntdsutil is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed. Dsmgmt is available if you have the AD LDS server role installed. These tools are also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT).
Latest ms 70-640:
Q46. Your network contains two standalone servers named Server1 and Server2 that have
Active Directory Lightweight Directory Services (AD LDS) installed.
Server1 has an AD LDS instance.
You need to ensure that you can replicate the instance from Server1 to Server2.
What should you do on both servers?
A. Obtain a server certificate.
B. Import the MS-User.ldf file.
C. Create a service user account for AD LDS.
D. Register the service location (SRV) resource records.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/cc794857%28v=ws.10%29.aspx Administering AD LDS Instances Each AD LDS instance runs as an independent—and separately administered—service on a computer. You can configure the account under which an AD LDS instance runs, stop and restart an AD LDS instance, and change the AD LDS instance service display name and service description. In addition, you can enable Secure Sockets Layer (SSL) connections in AD LDS by installing certificates. In Active Directory environments, each AD LDS instance attempts to create a Service Principal Name (SPN) object in the directory to be used for replication authentication. Depending on the network environment into which you install AD LDS, you may have to create SPNs manually. AD LDS service account The service account that an AD LDS instance uses determines the access that the AD LDS instance has on the local computer and on other computers in the network. AD LDS instances also use the service account to authenticate other AD LDS instances in their configuration set, to ensure replication security. You determine the AD LDS service account during AD LDS installation.
Q47. Your company has a main office and a branch office.
The network contains an Active Directory forest. The forest contains three domains. The branch office contains one domain controller named DC5. DC5 is configured as a global catalog server, a DHCP server, and a file server.
You remove the global catalog from DC5.
You need to reduce the size of the Active Directory database on DC5.
The solution must minimize the impact on all users in the branch office.
What should you do first?
A. Start DC5 in Safe Mode.
B. Start DC5 in Directory Services Restore Mode.
C. On DC5, start the Protected Storage service.
D. On DC5, stop the Active Directory Domain Services service.
Answer: D
Explanation:
http://allcomputers.us/windows_server/windows-server-2008-r2---manage-the-active-directory-database-%28part-2%29---defragment-the-directory-database---audit-active-directory-service.aspx Windows Server 2008 R2 : Manage the Active Directory Database (part 2) - Defragment the Directory Database & Audit Active Directory Service
3. Defragment the Directory Database A directory database gets fragmented as you add, change, and delete objects to your database. Like any file system–based storage, as the directory database is changed and updated, fragments of disk space will build up so it needs to be defragmented on a routine basis to maintain optimal operation. By default, Active Directory performs an online defragmentation of the directory database every 12 hours with the garbage collection process, an automated directory database cleanup, and IT pros should be familiar with it. However, online defragmentation does not decrease the size of the NTDS.DIT database file. Instead, it shuffles the data around for easier access. Depending on how much fragmentation you actually have in the database, running an offline defragmentation—which does decrease the size of the database—could have a significant effect on the overall size of your NTDS.DIT database file. There is a little problem associated with defragmenting databases. They have to be taken offline in order to have the fragments removed and the database resized. In Windows Server 2008 R2, there is a great feature that allows you to take the database offline without shutting down the server. It's called Restartable Active Directory, and it could not be much easier to stop and start your directory database than this. Figure 4 shows the Services tool and how you can use it to stop the Active Directory service.
1. Start the Services tool from the Control Panel.
2. Right-click Active Directory Domain Services, and select Stop.
C:\Documents and Settings\usernwz1\Desktop\1.PNG
Figure 4. You can use the Services tool to stop and restart Active Directory. That's it! Now when you stop Active Directory Domain Services, any other dependent services will also be stopped. Keep in mind that while the services are stopped, they cannot fulfill their assigned role in your network. The really cool thing about Restartable AD is that while the directory services and its dependent services are stopped, other services on the local machine are not. So, perhaps you have a shared printer running on your DC. Print services still run, and print operations do not stop. Nice!
3.1. Offline Directory Defragmentation
Now that you have stopped Active Directory services, it is time to get down to the business
of offline defragmentation of the directory database:
1. Back up the database.
2. Open a command prompt, and type NTDSUTIL.
3. Type ACTIVATE INSTANCE NTDS.
4. Type FILES, and press Enter.
5. Type INFO, and press Enter. This will tell you the current location of the directory
database, its size, and the size of the associated log files. Write all this down.
6. Make a folder location that has enough drive space for the directory to be stored.
7. Type COMPACT TO DRIVE:\DIRECTORY, and press Enter. The drive and directory are
the locations you set up in step 5. If the drive path contains spaces, put the whole path in
quotation marks, as in "C:\database defrag".
A new defragmented and compacted NTDS.DIT is created in the folder you specified.
8. Type QUIT, and press Enter.
9. Type QUIT again, and press Enter to return to the command prompt. 10.If defragmentation succeeds without errors, follow the NTDSUTIL prompts. 11.Delete all log files by typing DEL x:\pathtologfiles\*.log where x is the drive letter of your drive. 12.Overwrite the old NTDS.DIT file with the new one. Remember, you wrote down its location in step 4. 13.Close the command prompt. 14.Open the Services tool, and start Active Directory Domain Services. Defragmenting your directory database using the offline NTDSUTIL process can significantly reduce the size of your database depending on how long it has been since your last offline defrag. The hard thing about offline defrag is that every network is different, so making recommendations about how often to use the offline defrag process is somewhat spurious. I recommend you get to know your directory database. Monitor its size and growth. When you think it is appropriate to defragment offline, then do it. A pattern will emerge for you, and you will find yourself using offline defragmentation on a frequency that works well for your network and your directory database. One of the cool things about offline defragmentation is that if you should happen to have an error occur during the defragmentation process, you still have your original NTDS.DIT database in place and can continue using it with no problems until you can isolate and fix any issues.
Q48. Your company has an Active Directory domain. The main office has a DNS server named DNS1 that is configured with Active Directory-integrated DNS. The branch office has a DNS server named DNS2 that contains a secondary copy of the zone from DNS1. The two offices are connected with an unreliable WAN link.
You add a new server to the main office.
Five minutes after adding the server, a user from the branch office reports that he is unable to connect to the new server.
You need to ensure that the user is able to connect to the new server.
What should you do?
A. Clear the cache on DNS2.
B. Reload the zone on DNS1.
C. Refresh the zone on DNS2.
D. Export the zone from DNS1 and import the zone to DNS2.
Answer: C
Explanation: Explanation:
Old Answer: Refresh the zone on DNS2. http://technet.microsoft.com/en-us/library/cc794900%28v=ws.10%29.aspx Adjust the Refresh Interval for a Zone You can use this procedure to adjust the refresh interval for a Domain Name System (DNS) zone. The refresh interval determines how often other DNS servers that load and host the zone must attempt to renew the zone. By default, the refresh interval for each zone is set to 15 minutes. http://blog.ijun.org/2008/11/difference-between-dnscmd-clearcache.htmldifference between dnscmd /clearcache and ipconfig /flushdns
Q: Do "dnscmd /clearcache" and "ipconfig /flushdns" the exact same thing, on a windows 2003 server? What is the difference, if any?
A: Ipconfig /flushdns will flush the local computer cache. And dnscmd /clearcache will clear the dns server cache. Meaning that with the first you will clear the "local" cache of the server you work on. (Even if it is the dns server. It will NOT clear the dns server cache.) While with dnscmd you will clear the dns server cache.
Q49. Your company has a DNS server that has 10 Active Directory integrated zones.
You need to provide copies of the zone files of the DNS server to the security department.
What should you do?
A. Run the dnscmd /ZoneInfo command.
B. Run the ipconfig /registerdns command.
C. Run the dnscmd /ZoneExport command.
D. Run the ntdsutil > Partition Management > List commands.
Answer: C
Explanation:
http://servergeeks.wordpress.com/2012/12/31/dns-zone-export/ DNS Zone Export In Non-AD Integrated DNS Zones DNS zone file information is stored by default in the %systemroot%\windows\system32\dns folder. When the DNS Server service starts it loads zones from these files. This behavior is limited to any primary and secondary zones that are not AD integrated. The files will be named as <ZoneFQDN>.dns.
C:\Documents and Settings\usernwz1\Desktop\1.PNG
In AD Integrated DNS Zones AD-integrated zones are stored in the directory they do not have corresponding zone files
i.e. they are not stored as .dns files. This makes sense because the zones are stored in, and loaded from, the directory. Now it is important task for us to take a backup of these AD integrated zones before making any changes to DNS infrastructure. Dnscmd.exe can be used to export the zone to a file. The syntax of the command is: DnsCmd <ServerName> /ZoneExport <ZoneName> <ZoneExportFile> <ZoneName> — FQDN of zone to export /Cache to export cache As an example, let’s say we have an AD integrated zone named habib.local, our DC is server1. The command to export the file would be: Dnscmd server1 /ZoneExport habib.local habib.local.bak
C:\Documents and Settings\usernwz1\Desktop\1.PNG
C:\Documents and Settings\usernwz1\Desktop\1.PNG
You can refer to a complete article on DNSCMD in Microsoft TechNet website
http://technet.microsoft.com/en-us/library/cc772069(v=ws.10).aspx
Q50. HOTSPOT
Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Seattle and Montreal. The Seattle site contains two domain controllers. The domain controllers are configured as shown in the following table.
You need to enable universal group membership caching in the Seattle site.
Which object's properties should you modify?
To answer, select the appropriate object in the answer area.
Answer: