testking microsoft 70-640 : Apr 2016 Edition


2016 Apr 70-640 Study Guide Questions:

Q211. Your company has a main office and 50 branch offices. Each office contains multiple subnets. 

You need to automate the creation of Active Directory subnet objects. 

What should you use? 

A. the Dsadd tool 

B. the Netsh tool 

C. the New-ADObject cmdlet 

D. the New-Object cmdlet 

Answer: C 

Explanation: 

http://technet.microsoft.com/en-us/library/ee617260.aspx

New-ADObject

Creates an Active Directory object.

Syntax:

New-ADObject [-Name] <string> [-Type] <string> [-AuthType {<Negotiate> | <Basic>}] [-Credential <PSCredential>] [-Description <string>] [-DisplayName <string>] [-Instance <ADObject>] [-OtherAttributes <hashtable>] [-PassThru <switch>] [-Path <string>] [-ProtectedFromAccidentalDeletion <System.Nullable [bool]>] [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>]

Detailed Description

The New-ADObject cmdlet creates a new Active Directory object such as a new organizational unit or new user account. You can use this cmdlet to create any type of Active Directory object. Many object properties are defined by setting cmdlet parameters. Properties that are not set by cmdlet parameters can be set by using the OtherAttributes parameter.

You must set the Name and Type parameters to create a new Active Directory object. The Name specifies the name of the new object. The Type parameter specifies the LDAP display name of the Active Directory Schema Class that represents the type of object you want to create. Examples of Type values include computer, group, organizational unit, and user.

The Path parameter specifies the container where the object will be created. When you do not specify the Path parameter, the cmdlet creates an object in the default naming context container for Active Directory objects in the domain.
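The subnet automation from Q211, as an added example that is not part of the original page: it creates subnet objects with New-ADObject from a plan, checks each row before writing, and runs as a dry run because of -WhatIf. The site names, prefixes and locations are constructed sample data, and the script assumes the ActiveDirectory module, sites that already exist, and an account allowed to create objects under CN=Subnets in the configuration partition.

```powershell
# Added example: bulk-create Active Directory subnet objects with New-ADObject.
# Assumptions: the ActiveDirectory module is available and the sites named
# in the plan already exist. All rows below are constructed sample data.
Import-Module ActiveDirectory

# Constructed sample plan; in practice this would come from Import-Csv.
$subnetPlan = @'
Prefix,Site,Location
10.1.0.0/24,Branch01,Branch 01 office LAN
10.1.1.0/24,Branch01,Branch 01 wireless
10.2.0.0/24,Branch02,Branch 02 office LAN
10.2.300.0/24,Branch02,Malformed row that must be rejected
'@ | ConvertFrom-Csv

# Subnet objects live in the configuration partition, not the domain partition,
# so -Path must be given explicitly (the default container would be wrong).
$configNC  = (Get-ADRootDSE).configurationNamingContext
$sitesDN   = "CN=Sites,$configNC"
$subnetsDN = "CN=Subnets,$sitesDN"

foreach ($row in $subnetPlan) {
    # Reject anything that is not a dotted-quad prefix with a /0-/32 mask.
    $parts = $row.Prefix -split '[./]'
    $validOctets = ($parts.Count -eq 5) -and
                   -not ($parts[0..3] | Where-Object { $_ -notmatch '^\d{1,3}$' -or [int]$_ -gt 255 })
    if (-not $validOctets -or $parts[4] -notmatch '^\d{1,2}$' -or [int]$parts[4] -gt 32) {
        Write-Warning "Skipping malformed prefix '$($row.Prefix)'"
        continue
    }

    # Only accept plain site names, then confirm the site object exists.
    if ($row.Site -notmatch '^[A-Za-z0-9-]+$') {
        Write-Warning "Skipping row with unexpected site name '$($row.Site)'"
        continue
    }
    $site = Get-ADObject -SearchBase $sitesDN -SearchScope OneLevel `
                -Filter "objectClass -eq 'site' -and name -eq '$($row.Site)'"
    if (-not $site) {
        Write-Warning "Site '$($row.Site)' not found; skipping $($row.Prefix)"
        continue
    }

    # Make the run repeatable: do nothing if the subnet is already defined.
    $existing = Get-ADObject -SearchBase $subnetsDN -SearchScope OneLevel `
                    -Filter "objectClass -eq 'subnet' -and name -eq '$($row.Prefix)'"
    if ($existing) {
        Write-Verbose "Subnet $($row.Prefix) already exists"
        continue
    }

    # Name and Type are mandatory; siteObject links the subnet to its site and
    # is set through -OtherAttributes because it has no dedicated parameter.
    New-ADObject -Name $row.Prefix -Type subnet -Path $subnetsDN `
        -Description "Created by subnet import for $($row.Site)" `
        -OtherAttributes @{
            siteObject = $site.DistinguishedName
            location   = $row.Location
        } -WhatIf   # remove -WhatIf after reviewing the dry-run output
}
```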


Q212. Your network contains an Active Directory forest. The forest contains one domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2. 

DC1 was installed before DC2. 

DC1 fails. 

You need to ensure that you can add 1,000 new user accounts to the domain. 

What should you do? 

A. Modify the permissions of the DC2 computer account. 

B. Seize the schema master FSMO role. 

C. Configure DC2 as a global catalog server. 

D. Seize the RID master FSMO role. 

Answer: D 

Explanation: 

MS Press - Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) pages 536-537 

RID master failure 

A failed RID master eventually prevents domain controllers from creating new SIDs and, therefore, prevents you from creating new accounts for users, groups, or computers. However, domain controllers receive a sizable pool of RIDs from the RID master, so unless you are generating numerous new accounts, you can often go for some time without the RID master online while it is being repaired. Seizing this role to another domain controller is a significant action. After the RID master role has been seized, the domain controller that had been performing the role cannot be brought back online. 


Q213. Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers. 

The servers are configured as shown in the following table. 


You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) 

A. Configure the policy module settings. 

B. Configure the issuance requirements for the certificate templates. 

C. Configure the Certificate Services Client - Certificate Enrollment Policy Group Policy setting. 

D. Configure the delegation settings for the Certificate Enrollment Web Service application pool account. 

Answer: B,D 

Explanation:

Explanation 1: http://technet.microsoft.com/en-us/library/dd759245.aspx

The Certificate Enrollment Web Service can process enrollment requests for new certificates and for certificate renewal. In both cases, the client computer submits the request to the Web service and the Web service submits the request to the certification authority (CA) on behalf of the client computer. For this reason, the Web service account must be trusted for delegation in order to present the client identity to the CA. 

Explanation 2: http://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx 

Delegation is required for the Certificate Enrollment Web Service account when all of the following are true:

* The CA is not on the same computer as the Certificate Enrollment Web Service.

* Certificate Enrollment Web Service needs to be able to process initial enrollment requests, as opposed to only processing certificate renewal requests.

* The authentication type is set to Windows Integrated Authentication or Client certificate authentication.


Q214. Your network contains an Active Directory domain named contoso.com. The network contains client computers that run either Windows Vista or Windows 7. Active Directory Rights Management Services (AD RMS) is deployed on the network. 

You create a new AD RMS template that is distributed by using the AD RMS pipeline. The template is updated every month. 

You need to ensure that all the computers can use the most up-to-date version of the AD RMS template. 

You want to achieve this goal by using the minimum amount of administrative effort. 

What should you do? 

A. Upgrade all of the Windows Vista computers to Windows 7. 

B. Upgrade all of the Windows Vista computers to Windows Vista Service Pack 2 (SP2). 

C. Assign the Microsoft Windows Rights Management Services (RMS) Client Service Pack 2 (SP2) to all users by using a Software Installation extension of Group Policy. 

D. Assign the Microsoft Windows Rights Management Services (RMS) Client Service Pack 2 (SP2) to all computers by using a Software Installation extension of Group Policy. 

Answer: B 


Q215. Your company has an Active Directory domain named contoso.com. The company network has two DNS servers named DNS1 and DNS2. 

The DNS servers are configured as shown in the following table. 


Domain users, who are configured to use DNS2 as the preferred DNS server, are unable to connect to Internet Web sites. 

You need to enable Internet name resolution for all client computers. 

What should you do? 

A. Update the list of root hints servers on DNS2. 

B. Create a copy of the .(root) zone on DNS1. 

C. Delete the .(root) zone from DNS2. Configure conditional forwarding on DNS2. 

D. Update the Cache.dns file on DNS2. Configure conditional forwarding on DNS1. 

Answer: C 

Explanation: 

http://support.microsoft.com/kb/298148

How To Remove the Root Zone (Dot Zone)

When you install DNS on a Windows 2000 server that does not have a connection to the Internet, the zone for the domain is created and a root zone, also known as a dot zone, is also created. This root zone may prevent access to the Internet for DNS and for clients of the DNS. If there is a root zone, there are no other zones other than those that are listed with DNS, and you cannot configure forwarders or root hint servers. For these reasons, you may have to remove the root zone.



Q216. Your network contains an Active Directory domain. The domain contains a member server named Server1 that runs Windows Server 2008 R2. 

You need to configure Server1 as a global catalog server. 

What should you do? 

A. Modify the Active Directory schema. 

B. From Ntdsutil, use the Roles option. 

C. Run the Active Directory Domain Services Installation Wizard on Server1. 

D. Move the Server1 computer object to the Domain Controllers organizational unit (OU). 

Answer: C 

Explanation: 

Now it's just a member server, so you'll have to run dcpromo to start the Active Directory Domain Services Installation Wizard in order to promote the server to a domain controller. Only a domain controller can be a global catalog server. 

Explanation: 

http://technet.microsoft.com/en-us/library/cc728188.aspx 

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. 


Q217. Your network contains a single Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2. DC1 hosts a primary zone for contoso.com. DC2 hosts a secondary zone for contoso.com.

On DC1, you change the zone to an Active Directory-integrated zone and configure the zone to accept secure dynamic updates only. 

You need to ensure that DC2 can accept secure dynamic updates to the contoso.com zone. 

Which command should you run? 

A. dnscmd.exe dc2.contoso.com /createdirectorypartition dns.contoso.com 

B. dnscmd.exe dc2.contoso.com /zoneresettype contoso.com /dsprimary 

C. dnslint.exe /ql 

D. repadmin.exe /syncall /force 

Answer: B 

Explanation: 

http://technet.microsoft.com/en-us/library/cc772069%28v=ws.10%29.aspx#BKMK_29

Dnscmd

A command-line interface for managing DNS servers. This utility is useful in scripting batch files to help automate routine DNS management tasks, or to perform simple unattended setup and configuration of new DNS servers on your network.

dnscmd /zoneresettype

Changes the zone type.

Syntax

dnscmd [<ServerName>] /zoneresettype <ZoneName> <ZoneType> [/overwrite_mem | /overwrite_ds]

Parameters

<ServerName> Specifies the DNS server to manage, represented by local computer syntax, IP address, FQDN, or host name. If this parameter is omitted, the local server is used.

<ZoneName> Identifies the zone on which the type will be changed.

<ZoneType> Specifies the type of zone to create. Each type has different required parameters:

* /dsprimary Creates an Active Directory–integrated zone.

* /primary /file <FileName> Creates a standard primary zone.

* /secondary <MasterIPAddress>[,<MasterIPAddress>...] Creates a standard secondary zone.

* /stub <MasterIPAddress>[,<MasterIPAddress>...] /file <FileName> Creates a file-backed stub zone.

* /dsstub <MasterIPAddress>[,<MasterIPAddress>...] Creates an Active Directory–integrated stub zone.

* /forwarder <MasterIPAddress>[,<MasterIPAddress>]... /file <FileName> Specifies that the created zone forwards unresolved queries to another DNS server.

* /dsforwarder Specifies that the created Active Directory–integrated zone forwards unresolved queries to another DNS server.

/overwrite_mem | /overwrite_ds Specifies how to overwrite existing data:

* /overwrite_mem Overwrites DNS data from data in AD DS.

* /overwrite_ds Overwrites existing data in AD DS.

Remarks

Setting the zone type as /dsforwarder creates a zone that performs conditional forwarding.


Q218. Your network contains an Active Directory domain. The functional level of the domain is Windows Server 2003. 

The domain contains five domain controllers that run Windows Server 2008 and five domain controllers that run Windows Server 2008 R2. 

You need to ensure that SYSVOL is replicated by using Distributed File System Replication (DFSR). 

What should you do first? 

A. Run dfsrdiag.exe PollAD. 

B. Run dfsrmig.exe /SetGlobalState 0. 

C. Upgrade all domain controllers to Windows Server 2008 R2. 

D. Raise the functional level of the domain to Windows Server 2008. 

Answer: D 

Explanation: 

http://technet.microsoft.com/en-us/library/cc753479%28v=ws.10%29.aspx

Distributed File System

Distributed File System (DFS) Namespaces and DFS Replication offer simplified, highly-available access to files, load sharing, and WAN-friendly replication. In the Windows Server 2003 R2 operating system, Microsoft revised and renamed DFS Namespaces (formerly called DFS), replaced the Distributed File System snap-in with the DFS Management snap-in, and introduced the new DFS Replication feature. In the Windows Server 2008 operating system, Microsoft added the Windows Server 2008 mode of domain-based namespaces and added a number of usability and performance improvements.

What does Distributed File System (DFS) do?

The Distributed File System (DFS) technologies offer wide area network (WAN)-friendly replication as well as simplified, highly-available access to geographically dispersed files. The two technologies in DFS are the following:

* DFS Namespaces. Enables you to group shared folders that are located on different servers into one or more logically structured namespaces. Each namespace appears to users as a single shared folder with a series of subfolders. This structure increases availability and automatically connects users to shared folders in the same Active Directory Domain Services site, when available, instead of routing them over WAN connections.

* DFS Replication. DFS Replication is an efficient, multiple-master replication engine that you can use to keep folders synchronized between servers across limited bandwidth network connections. It replaces the File Replication Service (FRS) as the replication engine for DFS Namespaces, as well as for replicating the AD DS SYSVOL folder in domains that use the Windows Server 2008 domain functional level.


Q219. Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 has the Active Directory Federation Services (AD FS) Federation Service role service installed. 

You plan to deploy AD FS 2.0 on Server2. 

You need to export the token-signing certificate from Server1, and then import the certificate to Server2. 

Which format should you use to export the certificate? 

A. Base-64 encoded X.509 (.cer) 

B. Cryptographic Message Syntax Standard PKCS #7 (.p7b) 

C. DER encoded binary X.509 (.cer) 

D. Personal Information Exchange PKCS #12 (.pfx) 

Answer: D 

Explanation: 

Explanation 1: http://technet.microsoft.com/en-us/library/ff678038.aspx 

Checklist: Migrating Settings in the AD FS 1.x Federation Service to AD FS 2.0

If the AD FS 1.x Federation Service has a token-signing certificate that was issued by a trusted certification authority (CA) and you want to reuse it, you will have to export it from AD FS 1.x.

[The site also provides a link to instructions on how to export the token-signing certificate. That link points to the site mentioned in Explanation 2.]

Explanation 2: http://technet.microsoft.com/en-us/library/cc784075.aspx 

Export the private key portion of a token-signing certificate

To export the private key of a token-signing certificate:

1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

2. Right-click Federation Service, and then click Properties.

3. On the General tab, click View.

4. In the Certificate dialog box, click the Details tab.

5. On the Details tab, click Copy to File.

6. On the Welcome to the Certificate Export Wizard page, click Next.

7. On the Export Private Key page, select Yes, export the private key, and then click Next.

8. On the Export File Format page, select Personal Information Exchange - PKCS #12 (.PFX), and then click Next.

(...)


Q220. Your company has a main office and a branch office that are configured as a single Active Directory forest. The functional level of the Active Directory forest is Windows Server 2003. There are four Windows Server 2003 domain controllers in the main office. 

You need to ensure that you are able to deploy a read-only domain controller (RODC) at the branch office. 

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Raise the functional level of the forest to Windows Server 2008. 

B. Deploy a Windows Server 2008 domain controller at the main office. 

C. Raise the functional level of the domain to Windows Server 2008. 

D. Run the adprep /rodcprep command.

Answer: B,D 

Explanation: 

http://technet.microsoft.com/en-us/library/cc731243%28v=ws.10%29.aspx

Prerequisites for Deploying an RODC

Complete the following prerequisites before you deploy a read-only domain controller (RODC):

Ensure that the forest functional level is Windows Server 2003 or higher.

Run Adprep.exe commands to prepare your existing forest and domains for domain controllers that run Windows Server 2008 or Windows Server 2008 R2. The adprep commands extend the Active Directory schema and update security descriptors so that you can add the new domain controllers. There are different versions of Adprep.exe for Windows Server 2008 and Windows Server 2008 R2.

1. Prepare the forest and domains. There are three adprep commands to complete and have the changes replicate throughout the forest. Run the three commands as follows: 

* Prepare the forest by running adprep /forestprep on the server that holds the schema master operations master (also known as flexible single master operations or FSMO) role to update the schema. 

* Prepare the domain by running adprep /domainprep /gpprep on the server that holds the infrastructure operations master role. 

* If you are installing an RODC in an existing Windows Server 2003 domain, you must also run adprep /rodcprep. 

2. Install Active Directory Domain Services (AD DS). You can install AD DS by using a wizard, the command line, or an answer file. Deploy at least one writable domain controller running Windows Server 2008 or Windows Server 2008 R2 in the same domain as the RODC and ensure that the writable domain controller is also a DNS server that has registered a name server (NS) resource record for the relevant DNS zone. An RODC must replicate domain updates from a writable domain controller running Windows Server 2008 or Windows Server 2008 R2. 



Q221. You have a domain controller that runs Windows Server 2008 R2. The Windows Server Backup feature is installed on the domain controller. 

You need to perform a non-authoritative restore of the domain controller by using an existing backup file. 

What should you do? 

A. Restart the domain controller in Directory Services Restore Mode. Use the WBADMIN command to perform a critical volume restore. 

B. Restart the domain controller in Directory Services Restore Mode. Use the Windows Server Backup snap-in to perform a critical volume restore. 

C. Restart the domain controller in safe mode. Use the Windows Server Backup snap-in to perform a critical volume restore. 

D. Restart the domain controller in safe mode. Use the WBADMIN command to perform a critical volume restore. 

Answer: A 

Explanation: 

Almost identical to B26

http://technet.microsoft.com/en-us/library/cc816627%28v=ws.10%29.aspx

Performing Nonauthoritative Restore of Active Directory Domain Services

A nonauthoritative restore is the method for restoring Active Directory Domain Services (AD DS) from a system state, critical-volumes, or full server backup. A nonauthoritative restore returns the domain controller to its state at the time of backup and then allows normal replication to overwrite that state with any changes that occurred after the backup was taken. After you restore AD DS from backup, the domain controller queries its replication partners. Replication partners use the standard replication protocols to update AD DS and associated information, including the SYSVOL shared folder, on the restored domain controller.

You can use a nonauthoritative restore to restore the directory service on a domain controller without reintroducing or changing objects that have been modified since the backup. The most common use of a nonauthoritative restore is to reinstate a domain controller, often after catastrophic or debilitating hardware failures. In the case of data corruption, do not use nonauthoritative restore unless you have confirmed that the problem is with AD DS.

Nonauthoritative Restore Requirements

You can perform a nonauthoritative restore from backup on a Windows Server 2008 system that is a standalone server, member server, or domain controller.

On domain controllers that are running Windows Server 2008, you can stop and restart AD DS as a service. Therefore, in Windows Server 2008, performing offline defragmentation and other database management tasks does not require restarting the domain controller in Directory Services Restore Mode (DSRM). However, you cannot perform a nonauthoritative restore after simply stopping the AD DS service in regular startup mode. You must be able to start the domain controller in Directory Services Restore Mode (DSRM). If the domain controller cannot be started in DSRM, you must first reinstall the operating system.

To perform a nonauthoritative restore, you need one of the following types of backup for your backup source:

* System state backup: Use this type of backup to restore AD DS. If you have reinstalled the operating system, you must use a critical-volumes or full server backup. If you are restoring a system state backup, use the wbadmin start systemstaterecovery command.

* Critical-volumes backup: A critical-volumes backup includes all data on all volumes that contain operating system and registry files, boot files, SYSVOL files, or Active Directory files. Use this type of backup if you want to restore more than the system state. To restore a critical-volumes backup, use the wbadmin start recovery command.

* Full server backup: Use this type of backup only if you cannot start the server or you do not have a system state or critical-volumes backup. A full server backup is generally larger than a critical-volumes backup. Restoring a full server backup not only rolls back data in AD DS to the time of backup, but it also rolls back all data in all other volumes. Rolling back this additional data is not necessary to achieve nonauthoritative restore of AD DS.


Q222. Your company has an Active Directory forest. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. The domain uses a set of GPO administrative templates that have been approved to support regulatory compliance requirements. 

Your partner company has an Active Directory forest that contains a single domain. The company has servers that run Windows Server 2008 R2 and client computers that run Windows 7. 

You need to configure your partner company's domain to use the approved set of administrative templates. 

What should you do? 

A. Use the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import the GPO to the default domain policy. 

B. Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on the partner company's PDC emulator. 

C. Copy the ADML files from your company's PDC emulator to the PolicyDefinitions folder on the partner company's PDC emulator. 

D. Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the PolicyDefinitions folder on the partner company's emulator.

Answer: B 

Explanation: 

http://support.microsoft.com/kb/929841

How to create the Central Store for Group Policy Administrative Template files in Windows Vista

Windows Vista uses a new format to display registry-based policy settings. These registry-based policy settings appear under Administrative Templates in the Group Policy Object Editor. In Windows Vista, these registry-based policy settings are defined by standards-based XML files that have an .admx file name extension. The .admx file format replaces the legacy .adm file format. The .adm file format uses a proprietary markup language. In Windows Vista, Administrative Template files are divided into .admx files and language-specific .adml files that are available to Group Policy administrators.

Administrative Template file storage

In earlier operating systems, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased.

Windows Vista uses a Central Store to store Administrative Template files. In Windows Vista, the ADM folder is not created in a GPO as in earlier versions of Windows. Therefore, domain controllers do not store or replicate redundant copies of .adm files.

The Central Store

To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location:

\\FQDN\SYSVOL\FQDN\policies

Note: FQDN is a fully qualified domain name.

http://www.frickelsoft.net/blog/?p=31

How can I export local Group Policy settings made in gpedit.msc?

Mark Heitbrink, MVP for Group Policy... came up with a good solution on how you can “export” the Group Policy and Security... settings you made on a machine with the Local Group Policy Editor (gpedit.msc) to other machines pretty easy:

Normal settings can be copied like this:

1.) Open %systemroot%\system32\grouppolicy\

Within this folder, there are two folders - “machine” and “user”. Copy these two folders to the “%systemroot%\system32\grouppolicy” folder on the target machine. All it needs now is a reboot or a “gpupdate /force”.

Note: If you cannot see the “grouppolicy” folder on either the source or the target machine, be sure to have your explorer folder options set to “Show hidden files and folders”…

For security settings:

1.) Open MMC and add the Snapin “Security Templates”.

2.) Create your own customized template and save it as an “*inf” file.

3.) Copy the file to the target machine and import it via command line tool “secedit”:

secedit /configure /db %temp%\temp.sdb /cfg yourcreated.inf

Further information on secedit can be found here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/secedit_cmds.mspx?mfr=true

If you’re building custom installations, you can pretty easy script the “overwriting” of the “machine”/“user” folders or the import via secedit by copying these files to a share and copy and execute them with a script.


Q223. Your company has a main office and 40 branch offices. Each branch office is configured as a separate Active Directory site that has a dedicated read-only domain controller (RODC). 

An RODC server is stolen from one of the branch offices. 

You need to identify the user accounts that were cached on the stolen RODC server. 

Which utility should you use? 

A. Dsmod.exe 

B. Ntdsutil.exe 

C. Active Directory Sites and Services 

D. Active Directory Users and Computers 

Answer: D 

Explanation: 

http://technet.microsoft.com/en-us/library/cc835486%28v=ws.10%29.aspx

Securing Accounts After an RODC Is Stolen

If you become aware of a stolen or otherwise compromised read-only domain controller (RODC), you should act quickly to delete the RODC account from the domain and to reset the passwords of the accounts whose current passwords are stored on the RODC. An efficient tool for removing the RODC computer account and resetting all the passwords for the accounts that were authenticated to it is the Active Directory Users and Computers snap-in.


Q224. ABC.com has a network that is comprised of a single Active Directory Domain.

As an administrator at ABC.com, you install Active Directory Lightweight Directory Services (AD LDS) on a server that runs Windows Server 2008. To enable Secure Sockets Layer (SSL) based connections to the AD LDS server, you install certificates from a trusted Certification Authority (CA) on the AD LDS server and client computers. 

Which tool should you use to test the certificate with AD LDS? 

A. Ldp.exe 

B. Active Directory Domain services 

C. ntdsutil.exe 

D. Lds.exe 

E. wsamain.exe 

F. None of the above 

Answer: A 

Explanation: 

http://technet.microsoft.com/en-us/library/cc725767%28v=ws.10%29.aspx

Appendix A: Configuring LDAP over SSL Requirements for AD LDS

The Lightweight Directory Access Protocol (LDAP) is used to read from and write to Active Directory Lightweight Directory Services (AD LDS). By default, LDAP traffic is not transmitted securely. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology.

Step 3: Connect to the AD LDS instance over LDAPS using Ldp.exe

To test your server authentication certificate, you can open Ldp.exe on the computer that is running the AD LDS instance and then connect to this AD LDS instance that has the SSL option enabled.


Q225. Your network contains an Active Directory domain named contoso.com. 

The properties of the contoso.com DNS zone are configured as shown in the exhibit.


You need to update all service location (SRV) records for a domain controller in the domain. 

What should you do? 

A. Restart the Netlogon service. 

B. Restart the DNS Client service. 

C. Run sc.exe and specify the triggerinfo parameter. 

D. Run ipconfig.exe and specify the /registerdns parameter. 

Answer: A 

Explanation: 

MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) page 62 

The SRV resource records for a domain controller are important in enabling clients to locate the domain controller. The Netlogon service on domain controllers registers this resource record whenever a domain controller is restarted. You can also re-register a domain controller’s SRV resource records by restarting this service from the Services branch of Server Manager or by typing net start netlogon. An exam question might ask you how to troubleshoot the nonregistration of SRV resource records. 


