Tested 70-640 Exam Questions 2021

NEW QUESTION 1
Your network contains an Active Directory domain named contoso.com. The contoso.com domain contains a domain controller named DC1.
You create an Active Directory-integrated GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2.contoso.com.
When you ping Server1, you discover that the name fails to resolve. You are able to successfully ping server2.contoso.com.
You need to ensure that you can resolve names by using the GlobalNames zone.
Which command should you run?

• A. Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /domain
• B. Dnscmd DCl.contoso.com /config /Enableglobalnamessupport forest
• C. Dnscmd DCl.contoso.com /config /Enableglobalnamessupport 1
• D. Dnscmd DCl.contoso.com /ZoneAdd GlobalNames /DsPrimary /DP /forest

Answer: C

Explanation:
http://technet.microsoft.com/en-us/library/cc772069.aspx
dnscmd /config Changes values in the registry for the DNS server and individual zones.
Accepts server-level settings and zone-level settings.
Parameter
/enableglobalnamessupport {0|1}
Enables or disables support for the GlobalNames zone. The GlobalNames zone supports
resolution of singlelabel
DNS names across a forest.
0
Disables support for the GlobalNames zone. When you set the value of this command to 0,
the DNS Server service does not resolve single-label names in the GlobalNames zone.
1
Enables support for the GlobalNames zone. When you set the value of this command to 1,
the DNS Server service resolves single-label names in the GlobalNames zone.

NEW QUESTION 2
Your network contains an Active Directory forest. All domain controllers run Windows
Server 2008 Standard.
The functional level of the domain is Windows Server 2003.
You have a certification authority (CA).
The relevant servers in the domain are configured as shown below:

You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network.
What should you do?

• A. Upgrade Server1 to Windows Server 2008 R2.
• B. Upgrade Server2 to Windows Server 2008 R2.
• C. Raise the functional level of the domain to Windows Server 2008.
• D. Install the Windows Server 2008 R2 Active Directory Schema update

Answer: D

Explanation:
http://technet.microsoft.com/en-us/library/dd759243.aspx
Installation requirements
Before installing the certificate enrollment Web services, ensure that your environment
meets these requirements:
A host computer as a domain member running Windows Server 2008 R2.
An Active Directory forest with a Windows Server 2008 R2 schema.
An enterprise certification authority (CA) running Windows Server 2008 R2, Windows
Server 2008, or
Windows Server 2003.

NEW QUESTION 3
You have an Active Directory domain named contoso.com.
You need to view the account lockout threshold and duration for the domain.
Which tool should you use?

• A. Get-ItemProperty
• B. Active Directory Domains and Trusts
• C. Net User
• D. Gpresult

Answer: C

NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 and a domain controller named DC1.
On Server1, you configure a collector-initiated subscription for the Application log of DC1. The subscription is configured to collect all events.
After several days, you discover that Server1 failed to collect any events from DC1, although there are more than 100 new events in the Application log of DC1.
You need to ensure that Server1 collects events from DC1.
What should you do?

• A. On Server1, run wecutil quick-confi
• B. On Server1, run winrm quickconfi
• C. On DC1, run wecutil quick-confi
• D. On DC1, run winrm quickconfi

Answer: D

Explanation:
Since the subscription has been created, wecutil quick-config has already run on Server1. Only thing left is to configure DC1 to forward the events, using winrm quickconfig. Explanation1: Mastering Windows Server 2008 R2 (Sybex, 2010) page 773 Windows event Collector Service The first time you select the Subscriptions node of Event Viewer or the Subscription tab of any log, a dialog box will appear stating that the Windows Event Collector Service must be running and configured. It then asks whether you want to start and configure the service. If you click Yes, it starts the service and changes the startup type from Manual to Automatic (Delayed Start), causing it to start each time Windows starts.
Explanation 2: http://technet.microsoft.com/en-us/library/cc748890.aspx To configure computers in a domain to forward and collect events
1. Log on to all collector and source computers. It is a best practice to use a domain account with administrative privileges.
2. On each source computer, type the following at an elevated command prompt: winrm quickconfig

NEW QUESTION 5
Your network contains an Active Directory domain. The domain contains two file servers. The file servers are configured as shown in the following table.

You create a Group Policy object (GPO) named GPO1 and you link GPO1 to OU1.
You configure the advanced audit policy as shown in the exhibit. (Click the Exhibit button.)

You discover that the settings are not applied to Server1. The settings are applied to
Server2.
You need to ensure that access to the file shares on Server1 is audited.
What should you do?

• A. On Server1, run secedit.exe and specify the /configure paramete
• B. On Server1, run auditpol.exe and specify the /set paramete
• C. From GPO1, configure the Security Option
• D. From Active Directory Users and Computers, modify the permissions of the computer account for Server1.
• E. From Active Directory Users and Computers, add Server1 to the Event Log Readers grou

Answer: B

NEW QUESTION 6
You deploy a new Active Directory Federation Services (AD FS) federation server.
You request new certificates for the AD FS federation server.
You need to ensure that the AD FS federation server can use the new certificates.
To which certificate store should you import the certificates?

• A. Computer
• B. IIS Admin Service service account
• C. Local Administrator
• D. World Wide Web Publishing Service service account

Answer: A

Explanation:
http://technet.microsoft.com/en-us/library/dd378922%28v=ws.10%29.aspx#BKMK_13 Step 2: Installing AD FS Role Services and Configuring Certificates To import the server authentication certificate for adfsresource to adfsweb
1. Click Start, click Run, type mmc, and then click OK.
2. Click File, and then click Add/Remove Snap-in.
3. Select Certificates, click Add, click Computer account, and then click Next.
4. Click Local computer: (the computer this console is running on), click Finish, and then click OK.
5. In the console tree, double-click the Certificates (Local Computer) icon, double-click the Trusted Root Certification Authorities folder, right-click Certificates, point to All Tasks, and then click Import.
6. On the Welcome to the Certificate Import Wizard page, click Next.
7. On the File to Import page, type \adfsresourced$adfsresource.pfx, and then click Next.
8. On the Password page, type the password for the adfsresource.pfx file, and then click Next.
9. On the Certificate Store page, click Place all certificates in the following store, and then click Next.
10. On the Completing the Certificate Import Wizard page, verify that the information you provided is accurate, and then click Finish.

NEW QUESTION 7
Your network contains an Active Directory domain. The domain contains four domain controllers.
You modify the Active Directory schema.
You need to verify that all the domain controllers received the schema modification.
Which command should you run?

• A. netdom.exe query fsmo
• B. repadmin.exe /showrepl *
• C. dcdiag.exe /e /test:Topology
• D. dcdiag.exe /a

Answer: C

NEW QUESTION 8
Your company has a main office and 50 branch offices. Each office contains multiple subnets.
You need to automate the creation of Active Directory subnet objects.
What should you use?

• A. the Dsadd tool
• B. the Netsh tool
• C. the New-ADObject cmdlet
• D. the New-Object cmdlet

Answer: C

Explanation:
http://technet.microsoft.com/en-us/library/ee617260.aspx New-ADObject Creates an Active Directory object. Syntax: New-ADObject [-Name] <string> [-Type] <string> [-AuthType {<Negotiate> | <Basic>}] [-Credential <PSCredential>] [-Description <string>] [-DisplayName <string>] [-Instance <ADObject>] [-OtherAttributes <hashtable>] [-PassThru <switch>] [-Path <string>] [-ProtectedFromAccidentalDeletion <System.Nullable [bool]>] [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>] Detailed Description The New-ADObject cmdlet creates a new Active Directory object such as a new organizational unit or new user account. You can use this cmdlet to create any type of Active Directory object. Many object properties are defined by setting cmdlet parameters. Properties that are not set by cmdlet parameters can be set by using the OtherAttributes parameter. You must set the Name and Type parameters to create a new Active Directory object. The Name specifies the name of the new object. The Type parameter specifies the LDAP display name of the Active Directory Schema Class that represents the type of object you want to create. Examples of Type values include computer, group, organizational unit, and user. The Path parameter specifies the container where the object will be created.. When you do not specify the Path parameter, the cmdlet creates an object in the default naming context container for Active Directory objects in the domain.

NEW QUESTION 9
Your company, Contoso, Ltd., has a main office and a branch office. The offices are
connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.
The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone.
You install a new domain controller named DC2 in the branch office. You install DNS on DC2.
You need to ensure that DC2 can resolve DNS queries for ad.contoso.com in the event that a WAN link fails. The solution must prevent DC2 from updating records in ad.contoso.com.
What should you do?

• A. Configure the DNS server on DC2 to forward requests to DC1.
• B. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zon
• C. Create a new secondary zone named ad.contoso.com on DC2.
• D. Create a new stub zone named ad.contoso.com on DC2.

Answer: B

NEW QUESTION 10
Your company has a main office and a branch office. You deploy a read-only domain controller (RODC) that runs Microsoft Windows Server 2008 to the branch office.
You need to ensure that users at the branch office are able to log on to the domain by using the RODC.
What should you do?

• A. Add another RODC to the branch offic
• B. Configure a new bridgehead server in the main offic
• C. Decrease the replication interval for all connection objects by using the Active Directory Sites and Services consol
• D. Configure the Password Replication Policy on the ROD

Answer: D

Explanation:
Answer: Configure the Password Replication Policy on the RODC.
http://technet.microsoft.com/en-us/library/cc754956%28v=ws.10%29.aspx RODC Frequently Asked Questions What new attributes support the RODC Password Replication Policy? Password Replication Policy is the mechanism for determining whether a user or computer's credentials are allowed to replicate from a writable domain controller to an RODC. The Password Replication Policy is always set on a writable domain controller running Windows Server 2008. What operations fail if the WAN is offline, but the RODC is online in the branch office? If the RODC cannot connect to a writable domain controller running Windows Server 2008 in the hub, the following branch office operations fail: Password changes Attempts to join a computer to a domain Computer rename Authentication attempts for accounts whose credentials are not cached on the RODC Group Policy updates that an administrator might attempt by running the gpupdate /force command What operations succeed if the WAN is offline, but the RODC is online in the branch office? If the RODC cannot connect to a writable domain controller running Windows Server 2008 in the hub, the following branch office operations succeed: Authentication and logon attempts, if the credentials for the resource and the requester are already cached, Local RODC server administration performed by a delegated RODC server administrator.

NEW QUESTION 11
Your network contains a server named Server1 that runs Windows Server 2008 R2.
On Server1, you create an Active Directory Lightweight Directory Services (AD LDS)
instance named
Instance1.
You connect to Instance1 by using ADSI Edit.
You run the Create Object wizard and you discover that there is no User object class. You
need to ensure that you can create user objects in Instance1.
What should you do?

• A. Run the AD LDS Setup Wizar
• B. Modify the schema of Instance1.
• C. Modify the properties of the Instance1 servic
• D. Install the Remote Server Administration Tools (RSAT).

Answer: B

Explanation:
http://technet.microsoft.com/en-us/library/cc772194.aspx To create users in AD LDS, you must first import the optional user classes that are provided with AD LDS into the AD LDS schema. These user classes are provided in importable .ldf files, which you can find in the directory %windir%adam on the computer where AD LDS is installed. The user, inetOrgPerson, and OrganizationalPerson object classes are not available until you import the AD LDS user class definitions into the schema.

NEW QUESTION 12
You are one of two network administrators for your organization.
Your IT partner does most of the work in Active Directory.
While working in Active Directory, your partner accidently deleted a user from the Sales OU.
You recover the user from tape backup but you want to help prevent this from happening again in the future.
What can you do?

• A. Enable the Active Directory Recycle Bi
• B. Use ADSI Edit to restore the use
• C. Take away all rights from the other administrato
• D. Use the Directory Services Restore Mode Lockout comman

Answer: A

Explanation:
http://technet.microsoft.com/en-us/library/dd392261%28v=ws.10%29.aspx Active Directory Recycle Bin Step-by-Step Guide Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers. When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.
Active Directory Recycle Bin is functional for both AD DS and Active Directory Lightweight Directory Services (AD LDS) environments.
Important By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable it, you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2, which in turn requires all forest domain controllers or all servers that host instances of AD LDS configuration sets to be running Windows Server 2008 R2. After you set the forest functional level of your environment to Windows Server 2008 R2, you can use the instructions in this guide to enable Active Directory Recycle Bin. In this release of Windows Server 2008 R2, the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.

NEW QUESTION 13
Your network contains an Active Directory domain named contoso.com.
All domain controllers were upgraded from Windows Server 2003 to Windows Server 2008 R2 Service Pack 1 (SP1). The functional level of the domain is Windows Server 2003.
You need to configure SYSVOL to use DFS Replication.
Which tools should you use? (Each correct answer presents part of the solution. Choose two.)

• A. Dfsrmig
• B. Frsdiag
• C. Ntdsutil
• D. Set-ADForest
• E. Repadmin
• F. Set-ADDomainMode
• G. DFS Management

Answer: AF

Explanation:
First we need to upgrade the domain functional level, using Set-ADDomainMode. Then, now that the domain controllers have been upgraded to Windows Server 2008 R2 and the domain functional level has been upgraded (to Windows Server 2008 (R2)), we can migrate to DFS Replication for replicating SYSVOL, instead of File Replication Service (FRS) of previous Windows Server versions. We can use Dfsrmig for that migration.
Explanation 1: MS Press - Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) page 543 In versions of Windows Server prior to Windows Server 2008, the FRS was used to replicate the contents of SYSVOL between domain controllers. FRS has limitations in both capacity and performance that cause it to break occasionally. Unfortunately, troubleshooting and configuring FRS is quite difficult. In Windows Server 2008 and Windows Server 2008 R2 domains, you have the option to use DFS-R to replicate the contents of SYSVOL.
Explanation 2: http://technet.microsoft.com/en-us/library/ee617230.aspx Set-ADDomainMode The Set-ADDomainMode cmdlet sets the domain mode for a domain. You specify the domain mode by setting the DomainMode parameter. The domain mode can be set to the following values that are listed in order of functionality from lowest to highest. Windows2000Domain Windows2003InterimDomain Windows2003Domain Windows2008Domain Windows2008R2Domain
Explanation 3: http://technet.microsoft.com/en-us/library/dd639809.aspx Migrating to the Prepared State The following sections provide an overview of the procedures that you perform when you migrate SYSVOL replication from File Replication Service (FRS) to Distributed File System (DFS Replication). This migration phase includes the tasks in the following list.
(...)
Running the dfsrmig /SetGlobalState 1 command on the PDC emulator to start the
migration to the Prepared state.

NEW QUESTION 14
You need to identify all failed logon attempts on the domain controllers.
What should you do?

• A. View the Netlogon.log fil
• B. View the Security tab on the domain controller computer objec
• C. Run Event Viewe
• D. Run the Security and Configuration Wizar

Answer: C

Explanation:
http://support.microsoft.com/kb/174074 Security Event Descriptions This article contains descriptions of various security-related and auditing- related events, and tips for interpreting them. These events will all appear in the Security event log and will be logged with a source of "Security." Event ID: 529 Type: Failure Audit Description: Logon Failure: Reason: Unknown user name or bad password User Name: %1 Domain: %2 Logon Type: %3 Logon Process: %4 Authentication Package: %5 Workstation Name: %6 Event ID: 530 Type: Failure Audit Description: Logon Failure: Reason: Account logon time restriction violation User Name: %1 Domain: %2 Logon Type: %3 Logon Process: %4 Authentication Package: %5 Workstation Name: %6 Event ID: 531 Type: Failure Audit Description: Logon Failure: Reason: Account currently disabled User Name: %1 Domain: %2 Logon Type: %3 Logon Process: %4 Authentication Package: %5 Workstation Name: %6 Event ID: 532 Type: Failure Audit Description: Logon Failure: Reason: The specified user account has expired User Name: %1 Domain: %2 Logon Type: %3 Logon Process: %4 Authentication Package: %5 Workstation Name: %6 Event ID: 533 Type: Failure Audit Description: Logon Failure: Reason: User not allowed to logon at this computer User Name: %1 Domain: %2 Logon Type: %3 Logon Process: %4 Authentication Package: %5 Workstation Name: %6 Event ID: 534 Type: Failure Audit Description: Logon Failure: Reason: The user has not been granted the requested logon type at this machine User Name: %1 Domain: %2 Logon Type: %3 Logon Process: %4 Authentication Package: %5 Workstation Name: %6 Event ID: 535 Type: Failure Audit Description: Logon Failure: Reason: The specified account's password has expired User Name: %1 Domain: %2 Logon Type: %3 Logon Process: %4 Authentication Package: %5 Workstation Name: %6 Event ID: 536 Type: Failure Audit Description: Logon Failure: Reason: The NetLogon component is not active User Name: %1 Domain: %2 Logon Type: %3 Logon Process: %4 Authentication Package: %5 Workstation Name: %6 Event ID: 537 Type: Failure Audit Description: Logon Failure: Reason: An unexpected error occurred during logon User Name: %1 Domain: %2 Logon Type: %3 Logon Process: %4 Authentication Package: %5 Workstation Name: %6

NEW QUESTION 15
You are the network administrator for the ABC Company.
Your network consists of two DNS servers named DNS1 and DNS2.
The users who are configured to use DNS2 complain because they are unable to connect
to Internet websites.
The following table shows the configuration of both servers:

The users connected to DNS2 need to be able to access the Internet.
What needs to be done?

• A. Build a new Active Directory Integrated zone on DNS2.
• B. Delete the .(root) zone from DNS2 and configure Conditional forwarding on DNS2.
• C. Delete the current cache.dns fil
• D. Update your cache.dns file and root hint

Answer: B

Explanation:
http://support.microsoft.com/kb/298148 How To Remove the Root Zone (Dot Zone) When you install DNS on a Windows 2000 server that does not have a connection to the Internet, the zone for the domain is created and a root zone, also known as a dot zone, is also created. This root zone may prevent access to the Internet for DNS and for clients of the DNS. If there is a root zone, there are no other zones other than those that are listed with DNS, and you cannot configure forwarders or root hint servers. For these reasons, you may have to remove the root zone.

NEW QUESTION 16
You have an enterprise root certification authority (CA) that runs Windows Server 2008 R2.
You need to ensure that you can recover the private key of a certificate issued to a Web server.
What should you do?

• A. From the CA, run the Get-PfxCertificate cmdle
• B. From the Web server, run the Get-PfxCertificate cmdle
• C. From the CA, run the certutil.exe tool and specify the -exportpfx paramete
• D. From the Web server, run the certutil.exe tool and specify the -exportpfx paramete

Answer: D

Explanation:
http://technet.microsoft.com/en-us/library/ee449471%28v=ws.10%29.aspx
Manual Key Archival Manual key archival can be used in the following common scenarios
that are not supported by automatic key archival:
Secure/Multipurpose Internet Mail Extensions (S/MIME) certificates used by Microsoft.
Office Outlook. Certificates issued by CAs that do not support key archival. Certificates installed on the Microsoft Windows. 2000 and Windows Millennium Edition operating systems. This topic includes procedures for exporting a private key by using the following programs and for importing a private key to a CA database: Certutil.exe Certificates snap-in Microsoft Office Outlook
To export private keys by using Certutil.exe
1. Open a Command Prompt window.
2. Type the Certutil.exe –exportpfx command using the command-line options described in
the following table.
Certutil.exe [-p <Password>] –exportpfx <CertificateId> <OutputFileName>

C:Documents and Settingsusernwz1Desktop1.PNG

NEW QUESTION 17
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and woodgrovebank.com.
You have a custom attribute named Attibute1 in Active Directory. Attribute1 is associated to User objects.
You need to ensure that Attribute1 is replicated to the global catalog.
What should you do?

• A. In Active Directory Sites and Services, configure the NTDS Setting
• B. In Active Directory Sites and Services, configure the universal group membership cachin
• C. From the Active Directory Schema snap-in, modify the properties of the User class schema objec
• D. From the Active Directory Schema snap-in, modify the properties of the Attibute1 class schema attribut

Answer: D

Explanation:
http://www.tech-faq.com/the-global-catalog-server.html The Global Catalog Server The Global Catalog (GC) is an important component in Active Directory because it serves as the central information store of the Active Directory objects located in domains and forests. Because the GC maintains a list of the Active Directory objects in domains and forests without actually including all information on the objects and it is used when users search for Active Directory objects or for specific attributes of an object, the GC improves network performance and provides maximum accessibility to Active Directory objects.
How to Include Additional Attributes in the GC The number of attributes in the GC affects GC replication. The more attributes the GC servers have to replicate, the more network traffic GC replication creates. Default attributes are included in the GC when Active Directory is first deployed. The Active Directory Schema snap-in can be used to add any additional attribute to the GC. Because the snap-in is by default not included in the Administrative Tools Menu, users have to add it to the MMC before it can be used to customize the GC. To add the Active Directory Schema snap-in in the MMC:
1. Click Start, Run, and enter cmd in the Run dialog box. Press Enter.
2. Enter the following at the command prompt: regsvr32 schmmgmt.dll.
3. Click OK to acknowledge that the dll was successfully registered.
4. Click Start, Run, and enter mmc in the Run dialog box.
5. When the MMC opens, select Add/Remove Snap-in from the File menu.
6. In the Add/Remove Snap-in dialog box, click Add then add the Active Directory Schema snap-in from the Add Standalone Snap-in dialog box.
7. Close all open dialog boxes. To include additional attributes in the GC:
1. Open the Active Directory Schema snap-in.
2. In the console tree, expand the Attributes container, right-click an attribute, and click Properties from the shortcut menu.
3. Additional attributes are added on the General tab.
4. Ensure that the Replicate this attribute to the Global Catalog checkbox is enabled.
5. Click OK.

NEW QUESTION 18
ABC.com has a software evaluation lab. There is a server in the evaluation lab named as
CKT. CKT runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. CKT has 200 virtual servers running on an isolated virtual segment to evaluate software. To connect to the internet, it uses physical network interface card.
ABC.com requires every server in the company to access Internet. ABC.com security policy dictates that the IP address space used by software evaluation lab must not be used by other networks. Similarly, it states the IP address space used by other networks should not be used by the evaluation lab network.
As an administrator you find you that the applications tested in the software evaluation lab need to access normal network to connect to the vendors update servers on the internet.
You need to configure all virtual servers on the CKT server to access the internet. You also need to comply with company's security policy.
Which two actions should you perform to achieve this task? (Choose two answers. Each answer is a part of the complete solution)

• A. Trigger the Virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server
• B. On CKT's physical network interface, activate the Internet Connection Sharing (ICS)
• C. Use ABC.com intranet IP addresses on all virtual servers on CK
• D. Add and install a Microsoft Loopback Adapter network interface on CK
• E. Use a new network interface and create a new virtual networ
• F. None of the above

Answer: AD

Explanation:
http://class10e.com/Microsoft/which-two-actions-should-you-perform-to-achieve-this-task-choose-two-answers/ To configure all virtual servers on the CKT server to access the internet and comply with company’s security policy, you should trigger the virtual DHCP server for the external virtual network and run ipconfig/renew command on each virtual server. Then add and install Microsoft Loopback adapter network interface on CKT. Create a virtual network using the new interface. When you configure the Virtual DHCP server for the external virtual network, a set of IP addresses are assigned to the virtual servers on CKT server. By running ipconfig/renew command, the new IP addresses will be renewed. The Microsoft Loopback adapter network interface will ensure that the IP address space used by other networks are not been used by the virtual servers on CKT server. You create a new virtual network on the new network interface which will enable you to access internet.

NEW QUESTION 19
DRAG DROP
Your network contains an Active Directory forest named contoso.com. You need to create an Active Directory Rights Management Services (AD RMS) licensing-only cluster.
What should you do?
To answer, move the appropriate actions from the Possible Actions list to the Necessary Actions area and arrange them in the correct order.

Answer:

Explanation:

NEW QUESTION 20
Your network contains an Active Directory domain named contoso.com.
You need to create a script that runs the Best Practices Analyzer (BPA) each week for all of the server roles that BPA supports on each domain controller.
You must achieve this goal by using the minimum amount of administrative effort.
Which tools should you use? (Each correct answer presents part of the solution. Choose three.)

• A. Get-Troubleshooting Pack / Invoke-Troubleshooting Pac
• B. Import-Module Best Practice
• C. Get-BPA Model / Invoke-BPA Mode
• D. Import-Module Troubleshooting Pac
• E. Get- BPA Resul

Answer: BCE

Explanation:
Explanation 1: http://technet.microsoft.com/en-us/library/dd759206.aspx To scan all roles by using Windows PowerShell cmdlets
1. Open a Windows PowerShell session with elevated user rights.
2. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press ENTER. Import-Module ServerManager
3. Import the BPA module. Type the following, and then press Enter. Import-Module BestPractices
4. Pipe all roles for which BPA scans can be performed into the Invoke-BPAModel cmdlet to start scans. Get-BPAModel | Invoke-BPAModel Explanation 2: http://technet.microsoft.com/en-us/library/ee617286.aspx Get-BpaResult The Get-BPAResult cmdlet allows you to retrieve and view the results of the most recent Best Practices Analyzer (BPA) scan for a specific model.