QUESTION 251
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module. You need to back up Active Directory Certificate Services on the CA. Which command should you run?
A. certutil.exe -backup
B. certutil.exe -backupDB
C. certutil.exe -backupKey
D. certutil.exe -store
Answer: B
QUESTION 252
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console.
The certificate template is unavailable for Web enrollment.
You need to ensure that the certificate template is available on the Web enrollment pages.
What should you do?
A. Run certutil.exe -pulse.
B. Run certutil.exe installcert.
C. Change the certificate template to a Version 2 certificate template.
D. On the certificate template, assign the Autoenroll permission to the users.
Answer: C
Explanation:
Our problem is that we can’t use version 3 templates with the Web enrollment – only version 1 and 2 are supported.
Certificate Web enrollment cannot be used with version 3 certificate templates. Reference: http://technet.microsoft.com/en-us/library/cc732517.aspx
Version 3 templates cannot be requested via web enrollment using the “out of box” certificate web enrollment pages.
Reference: http://blogs.technet.com/b/ad/archive/2008/06/30/2008-web-enrollment-and-version-3templates.aspx
certutil.exe -pulseis used to check on the status (“pulse”) of autoenrollment events.
certutil.exe -installcertis used to install a CA certificate
Reference: http://technet.microsoft.com/library/cc732443.aspx
QUESTION 253
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment.
You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template.
Which console should you use?
A. Active Directory Administrative Center
B. Certification Authority
C. Certificate Templates
D. Group Policy Management
Answer: C
Explanation:
Enrollment in a certificate is configured from the properties of the certificate template itself. This means we need to use the Certificate Templates snap-in. The Certification Authority snap-in is used for managing properties of the CA, not certificates.
Group Policy is used to configure autoenrollment settings for the domain, but will not perform the initial enrollment.
Active Directory Administrative Center is a GUI for AD that will let you work with user accounts properties, but this is not where certificates are assigned/enrolled.
QUESTION 254
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table:
You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network.
What should you do?
A. Upgrade Server1 to Windows Server 2008 R2.
B. Upgrade Server2 to Windows Server 2008 R2.
C. Raise the functional level of the domain to Windows Server 2008.
D. Install the Windows Server 2008 R2 Active Directory Schema updates.
Answer: D
Reference: http://technet.microsoft.com/en-us/library/dd759243.aspx
QUESTION 255
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template.
You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template.
Which two actions should you perform? (Each Answer presents part of the solution. Choose two.)
A. In a Group Policy object (GPO), configure the Autoenrollment settings.
B. In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.
C. On the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.
D. On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.
Answer: AD
QUESTION 256
Your company has a server that runs an instance of Active Directory Lightweight Directory Services (AD LDS).
You need to create new organizational units in the AD LDS application directory partition.
What should you do?
A. Use the Active Directory Users and Computers snap-in to create the organizational units on the AD LDS
application directory partition.
B. Use the ADSI Edit snap-in to create the organizational units on the AD LDS application directory partition.
C. Use the dsadd OU <OrganizationalUnitDN>command to create the organizational units.
D. Use the dsmod OU <OrganizationalUnitDN>command to create the organizational units.
Answer: B
Explanation:
To create new OUs in the AD LDS application directory partition, you should use the ADSI Edit snap-in. This is the main snap-in used for most AD LDS management.
ADSI Edit is a snap-in that runs in a Microsoft Management Console (MMC). The default console containing ADSI Edit is AdsiEdit.msc. If this snap-in is not added in your MMC,you can do it by adding through Add/Remove Snap-in menu option in the MMC or you can open AdsiEdit.msc from a Windows Explorer.
QUESTION 257
Your company has a server that runs Windows Server 2008 R2. The server runs an instance of Active Directory Lightweight Directory Services (AD LDS).
You need to replicate the AD LDS instance on a test computer that is located on the network.
What should you do?
A. Run the repadmin /kcc <servername>command on the test computer.
B. Create a naming context by running the dsmgmt command on the test computer.
C. Create a new directory partition by running the dsmgmt command on the test computer.
D. Create and install a replica by running the AD LDS Setup wizard on the test computer.
Answer: D
QUESTION 258
You network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
You need to reset the Directory Services Restore Mode (DSRM) password on a domain controller.
What tool should you use?
A. dsmod
B. ntdsutil
C. Local Users and Groups snap-in
D. Active Directory Users and Computers snap-in
Answer: B
Explanation:
The ntdsutil command is used for configuring and managing directory services. The official procedure for resetting the DSRM password is as follows:
ntdsutil set dsrm passwordreset
password on server null
The DSRM password is not associated with a user account, so we would not use Local Users and Groups or Active Directory Users and Computers. Similarly, dsmod allows us to edit objects in AD, not manage directory service properties and configuration
QUESTION 259
Your network contains an Active Directory domain named contoso.com.
You need to identify whether the Active Directory Recycle Bin is enabled.
What should you do?
A. From Ldp, search for the LostAndFound container.
B. From Ldp, search for the Reanimate-Tombstones object.
C. From Windows PowerShell, run the Get-ADObjectcmdlet.
D. From Windows PowerShell, run the Get-ADOptionalFeaturecmdlet.
Answer: D
QUESTION 260
Your company has a domain controller server that runs the Windows Server 2008 R2 operating system. The server is a backup server. The server has a single 500-GB hard disk that has three partitions for the operating system, applications, and data. You perform daily backups of the server.
The hard disk fails. You replace the hard disk with a new hard disk of the same capacity. You restart the computer on the installation media. You select the Repair your computer option. You need to restore the operating system and all files. What should you do?
A. Select the System Image Recovery option.
B. Run the imagex utility at the command prompt.
C. Run the wbadmin utility at the command prompt.
D. Run the rollback utility at the command prompt.
Answer: C
If you want to pass Microsoft 70-648 successfully, donot missing to read latest lead2pass Microsoft 70-648 practice exams.
If you can master all lead2pass questions you will able to pass 100% guaranteed.