70-640 vce

      Comments Off on 70-640 vce

70-640 vce

VCE Description:
Exam Number/Code: 70-640
Exam name: TS: Windows Server 2008 Active Directory. Configuring
631 questions with full explanations
Free Today! Guaranteed Training- Pass 70-640 Exam.

Actual 70-640 Vce Based on Real 70-640 Exams Scenarios
Download Free Practice test questions with answers and study guide for exam 70-640 pdf


70-640 Exam Questions and Answers (2016 Updated):

Qustion No. 1

You have an existing Active Directory site named Site1. You create a new Active Directory site and name it Site2. 

You need to configure Active Directory replication between Site1 and Site2. You install a new domain controller. 

You create the site link between Site1 and Site2. 

What should you do next? 

A. Use the Active Directory Sites and Services console to assign a new IP subnet to Site2. Move the new domain controller object to Site2. 

B. Use the Active Directory Sites and Services console to configure a new site link bridge object. 

C. Use the Active Directory Sites and Services console to decrease the site link cost between Site1 and Site2. 

D. Use the Active Directory Sites and Services console to configure the new domain controller as a preferred bridgehead server for Site1. 

Answer: A 


http://www.enterprisenetworkingplanet.com/netsysm/article.php/624411/Intersite-eplication.htm Inter-site Replication The process of creating a custom site link has five basic steps: 

1. Create the site link. 

2. Configure the site link's associated attributes. 

3. Create site link bridges. 

4. Configure connection objects. (This step is optional.) 

5. Designate a preferred bridgehead server. (This step is optional) 

http://technet.microsoft.com/en-us/library/cc759160%28v=ws.10%29.aspx Replication between sites 

Qustion No. 2

You have a single Active Directory domain. All domain controllers run Windows Server 2008 and are configured as DNS servers. 

The domain contains one Active Directory-integrated DNS zone. 

You need to ensure that outdated DNS records are automatically removed from the DNS zone. 

What should you do? 

A. From the properties of the zone, modify the TTL of the SOA record. 

B. From the properties of the zone, enable scavenging. 

C. From the command prompt, run ipconfig /flushdns. 

D. From the properties of the zone, disable dynamic updates. 

Answer: B 


http://technet.microsoft.com/en-us/library/cc753217.aspx Set Aging and Scavenging Properties for the DNS Server The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time. You can use this procedure to set the default aging and scavenging properties for the zones on a server. Further information: http://technet.microsoft.com/en-us/library/cc771677.aspx Understanding Aging and Scavenging 

Qustion No. 3

You need to compact an Active Directory database on a domain controller that runs Windows Server 2008 R2. 

What should you do? 

A. Run defrag.exe /a /c. 

B. Run defrag.exe /c /u. 

C. From Ntdsutil, use the Files option. 

D. From Ntdsutil, use the Metadata cleanup option. 

Answer: C 


Explanation 1: 


Compact the Directory Database File (Offline Defragmentation) 

You can use this procedure to compact the Active Directory database offline. Offline 

defragmentation returns free disk space in the Active Directory database to the file system. 

As part of the offline defragmentation procedure, check directory database integrity. 

Performing offline defragmentation creates a new, compacted version of the database file in a different location. 

Explanation 2: Mastering Windows Server 2008 R2 (Sybex, 2010) page 805 Performing Offline Defragmentation of Ntds.dit These steps assume that you will be compacting the Ntds.dit file to a local folder. If you plan to defragment and compact the database to a remote shared folder, map a drive letter to that shared folder before you begin these steps, and use that drive letter in the path where appropriate. 

1. Open an elevated command prompt. Click Start, and then right-click Command Prompt. Click Run as Administrator. 

2. Type ntdsutil, and then press Enter. 

3. Type Activate instance NTDS, and press Enter. 

4. At the resulting ntdsutil prompt, type Files (case sensitive), and then press Enter. 

5. At the file maintenance prompt, type compact to followed by the path to the destination folder for the defragmentation, and then press Enter. 

Qustion No. 4

Your company has an Active Directory forest that contains eight linked Group Policy Objects (GPOs). One of these GPOs publishes applications to user objects. A user reports that the application is not available for installation. 

You need to identify whether the GPO has been applied. 

What should you do? 

A. Run the Group Policy Results utility for the user. 

B. Run the GPRESULT /S <system name> /Z command at the command prompt. 

C. Run the GPRESULT /SCOPE COMPUTER command at the command prompt. 

D. Run the Group Policy Results utility for the computer. 

Answer: A 


Personal note: You run the utility for the user and not for the computer because the application publishes to user objects http://technet.microsoft.com/en-us/library/bb456989.aspx How to Use the Group Policy Results (GPResult.exe) Command Line Tool Intended for administrators, the Group Policy Results (GPResult.exe) command line tool verifies all policy settings in effect for a specific user or computer. Administrators can run GPResult on any remote computer within their scope of management. By default, GPResult returns settings in effect on the computer on which GPResult is run. To run GPResult on your own computer: 

1. Click Start, Run, and enter cmd to open a command window. 

2. Type gpresult and redirect the output to a text file as shown in Figure 1 below: 

C:\\Documents and Settings\\usernwz1\\Desktop\\1.PNG 

3. Enter notepad gp.txt to open the file. Results appear as shown in the figure below. 

C:\\Documents and Settings\\usernwz1\\Desktop\\1.PNG 

Qustion No. 5

As the Company administrator you had installed a read-only domain controller (RODC) server at remote location. 

The remote location doesn't provide enough physical security for the server. 

What should you do to allow administrative accounts to replicate authentication information to Read-Only Domain Controllers? 

A. Remove any administrative accounts from RODC's group 

B. Add administrative accounts to the domain Allowed RODC Password Replication group 

C. Set the Deny on Receive as permission for administrative accounts on the RODC computer account Security tab for the Group Policy Object (GPO) 

D. Configure a new Group Policy Object (GPO) with the Account Lockout settings enabled. Link the GPO to the remote location. Activate the Read Allow and the Apply group policy Allow permissions for the administrators on the Security tab for the GPO. 

E. None of the above 

Answer: B 


C:\\Documents and Settings\\usernwz1\\Desktop\\1.PNG 

http://technet.microsoft.com/en-us/library/cc730883%28v=ws.10%29.aspx Password Replication Policy When you initially deploy an RODC, you must configure the Password Replication Policy on the writable domain controller that will be its replication partner. The Password Replication Policy acts as an access control list (ACL). It determines if an RODC should be permitted to cache a password. After the RODC receives an authenticated user or computer logon request, it refers to the Password Replication Policy to determine if the password for the account should be cached. The same account can then perform subsequent logons more efficiently. The Password Replication Policy lists the accounts that are permitted to be cached, and accounts that are explicitly denied from being cached. The list of user and computer accounts that are permitted to be cached does not imply that the RODC has necessarily cached the passwords for those accounts. An administrator can, for example, specify in advance any accounts that an RODC will cache. This way, the RODC can authenticate those accounts, even if the WAN link to the hub site is offline. 

Password Replication Policy Allowed and Denied lists Two new built-in groups are introduced in Windows Server 2008 Active Directory domains to support RODC operations. These are the Allowed RODC Password Replication Group and Denied RODC Password Replication Group. These groups help implement a default Allowed List and Denied List for the RODC Password Replication Policy. By default, the two groups are respectively added to the msDS-RevealOnDemandGroup and msDSNeverRevealGroup Active Directory attributes mentioned earlier. By default, the Allowed RODC Password Replication Group has no members. Also by default, the Allowed List attribute contains only the Allowed RODC Password Replication Group. By default, the Denied RODC Password Replication Group contains the following members: Enterprise Domain Controllers Enterprise Read-Only Domain Controllers Group Policy Creator Owners Domain Admins Cert Publishers Enterprise Admins Schema Admins Domain-wide krbtgt account By default, the Denied List attribute contains the following security principals, all of which are built-in groups: Denied RODC Password Replication Group Account Operators Server Operators Backup Operators Administrators The combination of the Allowed List and Denied List attributes for each RODC and the domain-wide Denied RODC Password Replication Group and Allowed RODC Password Replication Group give administrators great flexibility. They can decide precisely which accounts can be cached on specific RODCs. The following table summarizes the three possible administrative models for the Password Replication Policy. 

C:\\Documents and Settings\\usernwz1\\Desktop\\1.PNG 

External 70-640 vce links

70-640 vce rapidshare.net
http://www.rapidshare.net/64334227/exambible/ 70-640_vce.html
70-640 Pearsonvue Scheduled Home:
70-640 Dumps exambibl.com