Key benefits of ms 70-640


2016 Jun examcollection 70-640:

Q161. Your company has an Active Directory domain named ad.contoso.com. The domain has two domain controllers named DC1 and DC2. Both domain controllers have the DNS server role installed. 

You install a new DNS server named DNS1.contoso.com on the perimeter network. You configure DC1 to forward all unresolved name requests to DNS1.contoso.com. 

You discover that the DNS forwarding option is unavailable on DC2. 

You need to configure DNS forwarding on the DC2 server to point to the DNS1.contoso.com server. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Clear the DNS cache on DC2. 

B. Configure conditional forwarding on DC2. 

C. Configure the Listen On address on DC2. 

D. Delete the Root zone on DC2. 

Answer: B,D 

Explanation: 

Answer: Delete the Root zone on DC2. Configure conditional forwarding on DC2. 

http://technet.microsoft.com/en-us/library/cc754941.aspx

Configure a DNS Server to Use Forwarders

A forwarder is a Domain Name System (DNS) server on a network that is used to forward DNS queries for external DNS names to DNS servers outside that network. You can also configure your server to forward queries according to specific domain names using conditional forwarders.

http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/0ca38ece-d76e-42f0-85d5-a342f9e169f5/

Deleting .root dns zone in 2008 DNS

Q: We have 2 domain controllers and a .root zone is created in the DNS, due to which external name resolution is not possible. I tried to add conditional forwarders but I get an error saying that conditional forwarders cannot be created on root DNS servers.

A 1: If you have a "root" zone created in your DNS, and you no longer want that configuration, you can just simply delete that zone. There is no reason to have a root "." zone hosted unless you want to make sure that the DNS server is authoritative for all queries and not allow the DNS server to go elsewhere for name resolution. If you delete this zone, the DNS server will be able to use its root hints or forwarders to resolve queries for zones it's not authoritative for.

A 2: That was from the old 2000 days where DCPROMO would create it if it detected no internet access while promoting the first DC. Just remove it, and the Forwarders option reappears.

Further information: http://support.microsoft.com/kb/298148 

How To Remove the Root Zone (Dot Zone) 

http://technet.microsoft.com/en-us/library/cc731879%28v=ws.10%29.aspx 

Reviewing DNS Concepts

Delegation

For a DNS server to answer queries about any name, it must have a direct or indirect path to every zone in the namespace. These paths are created by means of delegation. A delegation is a record in a parent zone that lists a name server that is authoritative for the zone in the next level of the hierarchy. Delegations make it possible for servers in one zone to refer clients to servers in other zones. The following illustration shows one example of delegation.

[Illustration: example of DNS delegation]

The DNS root server hosts the root zone represented as a dot ( . ). The root zone contains a delegation to a zone in the next level of the hierarchy, the com zone. The delegation in the root zone tells the DNS root server that, to find the com zone, it must contact the Com server. Likewise, the delegation in the com zone tells the Com server that, to find the contoso.com zone, it must contact the Contoso server.

Note: A delegation uses two types of records. The name server (NS) resource record provides the name of an authoritative server. Host (A) and host (AAAA) resource records provide IP version 4 (IPv4) and IP version 6 (IPv6) addresses of an authoritative server.

This system of zones and delegations creates a hierarchical tree that represents the DNS namespace. Each zone represents a layer in the hierarchy, and each delegation represents a branch of the tree. By using the hierarchy of zones and delegations, a DNS root server can find any name in the DNS namespace. The root zone includes delegations that lead directly or indirectly to all other zones in the hierarchy. Any server that can query the DNS root server can use the information in the delegations to find any name in the namespace.


Q162. You need to purge the list of user accounts that were authenticated on a read-only domain controller (RODC).

What should you do? 

A. Run the repadmin.exe command and specify the /prp parameter. 

B. From Active Directory Sites and Services, modify the properties of the RODC computer object. 

C. From Active Directory Users and Computers, modify the properties of the RODC computer object. 

D. Run the dsrm.exe command and specify the -u parameter. 

Answer: A 

Explanation: 

http://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy.aspx 

Clearing the authenticated accounts list 

In addition to reviewing the list of authenticated users, you may decide to periodically clean up the list of accounts that are authenticated to the RODC. Cleaning up this list may help you more easily determine the new accounts that have authenticated through the RODC. 

Membership in the Domain Admins group of the domain in which the RODC is a member, or equivalent, is the minimum required to complete this procedure. 

To clear all entries from the list, run the command repadmin /prp delete <hostname> auth2 /all. 

Substitute the actual host name of the RODC that you want to clear. For example, if you want to clear the list of authenticated accounts for RODC2, type repadmin /prp delete rodc2 auth2 /all, and then press ENTER. 


Q163. Your company has a single Active Directory domain named intranet.contoso.com. All domain controllers run Windows Server 2008 R2. The domain functional level is Windows 2000 native and the forest functional level is Windows 2000. 

You need to ensure the UPN suffix for contoso.com is available for user accounts. 

What should you do first? 

A. Raise the intranet.contoso.com forest functional level to Windows Server 2003 or higher. 

B. Raise the intranet.contoso.com domain functional level to Windows Server 2003 or higher. 

C. Add the new UPN suffix to the forest. 

D. Change the Primary DNS Suffix option in the Default Domain Controllers Group Policy Object (GPO) to contoso.com. 

Answer: C 

Explanation: 

http://support.microsoft.com/kb/243629 

HOW TO: Add UPN Suffixes to a Forest 

Adding a UPN Suffix to a Forest 

Open Active Directory Domains and Trusts. 

Right-click Active Directory Domains and Trusts in the Tree window pane, and then click Properties. 

On the UPN Suffixes tab, type the new UPN suffix that you would like to add to the forest. Click Add, and then click OK.

Now when you add users to the forest, you can select the new UPN suffix to complete the user's logon name. 

APPLIES TO 

Microsoft Windows 2000 Server 

Microsoft Windows 2000 Advanced Server 

Microsoft Windows 2000 Datacenter Server 


Q164. Your network contains an Active Directory domain. All domain controllers run Windows Server 2003.

You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. 

You need to minimize the amount of SYSVOL replication traffic on the network. 

What should you do? 

A. Raise the functional level of the forest to Windows Server 2008 R2. 

B. Modify the path of the SYSVOL folder on all of the domain controllers. 

C. On a global catalog server, run repadmin.exe and specify the KCC parameter. 

D. On the domain controller that holds the primary domain controller (PDC) emulator FSMO role, run dfsrmig.exe. 

Answer: D 

Explanation: 

Now that the domain controllers have been upgraded to Windows Server 2008 R2 and the domain functional level has been upgraded to Windows Server 2008 R2 we can use DFS Replication for replicating SYSVOL, instead of File Replication Service (FRS) of previous Windows Server versions. The migration takes place on a domain controller holding the PDC Emulator role. 

Explanation 1:

http://technet.microsoft.com/en-us/library/cc794837.aspx

Using DFS Replication for replicating SYSVOL in Windows Server 2008

DFS Replication technology significantly improves replication of SYSVOL. In Windows 2000 Server, Windows Server 2003, and Windows Server 2003 R2, FRS is used to replicate the contents of the SYSVOL share.

When a change to a file occurs, FRS replicates the entire updated file. With DFS Replication, for files larger than 64 KB, only the updated portion of the file is replicated. 

Explanation 2: 

http://technet.microsoft.com/en-us/library/dd639809.aspx 

Migrating to the Prepared State 

The following sections provide an overview of the procedures that you perform when you migrate SYSVOL replication from File Replication Service (FRS) to Distributed File System (DFS Replication).

This migration phase includes the tasks in the following list.

Running the dfsrmig /SetGlobalState 1 command on the PDC emulator to start the migration to the Prepared state.


Q165. Your company has an Active Directory forest that runs at the functional level of Windows Server 2008. 

You implement Active Directory Rights Management Services (AD RMS). 

You install Microsoft SQL Server 2005. When you attempt to open the AD RMS administration Web site, you receive the following error message: "SQL Server does not exist or access denied." 

You need to open the AD RMS administration Web site. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Restart IIS. 

B. Manually delete the Service Connection Point in AD DS and restart AD RMS. 

C. Install Message Queuing. 

D. Start the MSSQLSVC service. 

Answer: A,D 

Explanation: 

http://technet.microsoft.com/en-us/library/cc747605%28v=ws.10%29.aspx#BKMK_1

RMS Administration Issues

"SQL Server does not exist or access denied" message received when attempting to open the RMS Administration Web site

If you have installed RMS by using a new installation of SQL Server 2005 as your database server, the SQL Server service might not be started. In SQL Server 2005, the MSSQLSERVER service is not configured to automatically start when the server is started. If you have restarted your SQL Server since installing RMS and have not configured this service to automatically restart, RMS will not be able to function and only the RMS Global Administration page will be accessible. After you have started the MSSQLSERVER service, you must restart IIS on each RMS server in the cluster to restore RMS functionality.



Q166. Your network contains an Active Directory domain. The domain contains five domain controllers. A domain controller named DC1 has the DHCP role and the file server role installed. 

You need to move the Active Directory database on DC1 to an alternate location. The solution must minimize impact on the network during the database move.

What should you do first? 

A. Restart DC1 in Safe Mode. 

B. Restart DC1 in Directory Services Restore Mode. 

C. Start DC1 from Windows PE. 

D. Stop the Active Directory Domain Services service on DC1. 

Answer: D 

Explanation: 

http://technet.microsoft.com/en-us/library/cc794895%28v=ws.10%29.aspx

Relocating the Active Directory Database Files

Applies To: Windows Server 2008, Windows Server 2008 R2

Relocating Active Directory database files usually involves moving files to a temporary location while hardware updates are being performed and then moving the files to a permanent location. On domain controllers that are running versions of Windows 2000 Server and Windows Server 2003, moving database files requires restarting the domain controller in Directory Services Restore Mode (DSRM). Windows Server 2008 introduces restartable Active Directory Domain Services (AD DS), which you can use to perform database management tasks without restarting the domain controller in DSRM. Before you move database files, you must stop AD DS as a service.


Q167. Your network contains a server that runs Windows Server 2008 R2. The server is configured as an enterprise root certification authority (CA). 

You have a Web site that uses X.509 certificates for authentication. The Web site is configured to use a many-to-one mapping.

You revoke a certificate issued to an external partner. You need to prevent the external partner from accessing the Web site. 

What should you do? 

A. Run certutil.exe -crl. 

B. Run certutil.exe -delkey. 

C. From Active Directory Users and Computers, modify the membership of the IIS_IUSRS group. 

D. From Active Directory Users and Computers, modify the Contact object for the external partner. 

Answer: A 

Explanation: 

http://technet.microsoft.com/library/cc732443.aspx

Certutil

Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.

Verbs

-CRL: Publish new certificate revocation lists (CRLs) [or only delta CRLs]

http://technet.microsoft.com/en-us/library/cc783835%28v=ws.10%29.aspx

Requesting Offline Domain Controller Certificates (Advanced Certificate Enrollment and Management)

If you have determined the keycontainername for a specific certificate, you can delete the key container with the following command.

certutil.exe -delkey <KeyContainerName>

The -delkey option is supported only with the Windows Server 2003 version of certutil. On Windows 2000, you must add a prefix to the commands. The prefix is the path you have copied the Windows Server 2003 version of certutil to. In this white paper, the %HOMEDRIVE%\W2K3AdmPak path is used.


Q168. You are formulating the backup strategy for Active Directory Lightweight Directory Services (AD LDS) to ensure that data and log files are backed up regularly. This will also ensure the continued availability of data to applications and users in the event of a system failure. 

Because you have limited media resources, you decide to back up only a specific AD LDS instance instead of backing up the entire volume.

What should you do to accomplish this task? 

A. Use Windows Server backup utility and enable checkbox to take only backup of database and log files of AD LDS 

B. Use Dsdbutil.exe tool to create installation media that corresponds only to the ADLDS instance 

C. Move AD LDS database and log files on a separate volume and use windows server backup utility 

D. None of the above 

Answer: B 

Explanation: 

http://technet.microsoft.com/en-us/library/cc730941.aspx 

Backing up AD LDS instance data with Dsdbutil.exe 

With the Dsdbutil.exe tool, you can create installation media that corresponds only to the AD LDS instance that you want to back up, as opposed to backing up entire volumes that contain the AD LDS instance. 


Q169. Company has servers on the main network that run Windows Server 2008. It also has two domain controllers. 

Active Directory services are running on a domain controller named CKDC1. 

You have to perform critical updates of Windows Server 2008 on CKDC1 without rebooting the server. 

What should you do to perform offline critical updates on CKDC1 without rebooting the server? 

A. Start the Active Directory Domain Services on CKDC1 

B. Disconnect from the network and start the Windows update feature 

C. Stop the Active Directory domain services and install the updates. Start the Active Directory domain services after installing the updates. 

D. Stop Active Directory domain services and install updates. Disconnect from the network and then connect again. 

E. None of the above 

Answer: C 

Explanation: 

Personal comment: I don't believe you can avoid restarting the server when installing some (not all) updates.

http://class10e.com/Microsoft/what-should-you-do-to-perform-offline-critical-updates-on-ckdc1-withoutrebooting-the-server/

To perform offline critical updates on CKDC1 without rebooting the server, you should stop the Active Directory domain services and install the updates. Start the Active Directory domain services after installing the updates. By stopping the Active Directory domain services, you don't need to reboot the server. The updates are related to the Windows Server 2008 on CKDC1 so when you stop the Active Directory domain services and start it again after the installation of the updates, the Server will perform in a normal way.


Q170. Your network contains an Active Directory forest. The forest contains one domain and three sites. Each site contains two domain controllers. All domain controllers are DNS servers. 

You create a new Active Directory-integrated zone. 

You need to ensure that the new zone is replicated to the domain controllers in only one of the sites.

What should you do first? 

A. Modify the NTDS Site Settings object for the site. 

B. Modify the replication settings of the default site link. 

C. Create an Active Directory connection object. 

D. Create an Active Directory application directory partition. 

Answer: D 

Explanation: 

Practically the same question as A/Q50 and K/Q17, different set of answers. To control which servers get a copy of the zone we have to store the zone in an application directory partition. That application directory partition must be created before we create the zone, otherwise it won't work. So that's what we have to do first. Directory partitions are also called naming contexts and we can create one using ntdsutil. Here I tried to create a zone with dnscmd /zoneadd. It failed because the directory partition I wanted to use did not exist yet. To fix that I used ntdsutil to create the directory partition dc=venomous,dc=contoso,dc=com. Note that after creating it a new naming context had been added. Then, after a minute or two, I tried to create the new zone again, and this time it worked. 



Explanation 1: 

http://technet.microsoft.com/en-us/library/cc725739.aspx 

Store Data in an AD DS Application Partition 

You can store Domain Name System (DNS) zones in the domain or application directory partitions of Active Directory Domain Services (AD DS). An application directory partition is a data structure in AD DS that distinguishes data for different replication purposes. When you store a DNS zone in an application directory partition, you can control the zone replication scope by controlling the replication scope of the application directory partition.

Explanation 2: 

http://technet.microsoft.com/en-us/library/cc730970.aspx 

Partition management 

Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).

This is a subcommand of Ntdsutil and Dsmgmt. 

Examples 

To create an application directory partition named AppPartition in the contoso.com domain, complete the following steps:

1. To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

2. Type: ntdsutil 

3. Type: Ac in ntds 

4. Type: partition management 

5. Type: connections 

6. Type: Connect to server DC_Name 

7. Type: quit 

8. Type: list 

The following partitions will be listed:

0 CN=Configuration, DC=Contoso, DC=com
1 DC=Contoso, DC=com
2 CN=Schema, CN=Configuration, DC=Contoso, DC=com
3 DC=DomainDnsZones, DC=Contoso, DC=com
4 DC=ForestDnsZones, DC=Contoso, DC=com

9. At the partition management prompt, type: create nc dc=AppPartition,dc=contoso,dc=com ConDc1.contoso.com

10. Run the list command again to refresh the list of partitions. 


