HomeMicrosoftMCSAReal Identity with Windows Server 2016 70-742 Dumps
April 2, 2019

Real Identity with Windows Server 2016 70-742 Dumps

Are you still looking for real Identity with Windows Server 2016 70-742 dumps? We offer the latest 70-742 dumps to help you complete your MCSA Windeos Server 2016 certification 70-742 exam. The current version of 70-742 exam is V13.02, which contains 222 real exam questions answers. After you practice all these 70-742 exam questions with our pdf and free software, you will answer 70-742 exam successfully.

Here we have 70-742 free dumps for checking online.

1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights Management Services (AD RMS) deployment.

Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment.

You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com.

Solution: From AD RMS in fabrikam.com, you configure contoso.com as a trusted publisher domain.

Does this meet the goal

2. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights Management Services (AD RMS) deployment.

Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment.

You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com.

Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted publisher domain.

Does this meet the goal?

3. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights Management Services (AD RMS) deployment.

Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment.

You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com.

Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted user domain.

Does this meet the goal?

4. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.

Contoso.com has the following configuration.

PS C:> (Get-ADForest).ForestMode

Windows2008R2Forest

PS C:> (Get-ADDomain).DomainMode

Windows2008R2Domain

PS C:>

You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.

You need to configure Active Directory to support the planned deployment.

Solution: You run adprep.exe from the Windows Server 2016 installation media.

Does this meet the goal?

5. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.

Contoso.com has the following configuration.

PS C:> (Get-ADForest).ForestMode

Windows2008R2Forest

PS C:> (Get-ADDomain).DomainMode

Windows2008R2Domain

PS C:>

You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.

You need to configure Active Directory to support the planned deployment.

Solution: You upgrade a domain controller to Windows Server 2016.

Does this meet the goal?

6. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.

Contoso.com has the following configuration.

PS C:> (Get-ADForest).ForestMode

Windows2008R2Forest

PS C:> (Get-ADDomain).DomainMode

Windows2008R2Domain

PS C:>

You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.

You need to configure Active Directory to support the planned deployment.

Solution: You raise the domain functional level to Windows Server 2012 R2.

Does this meet the goal?

7. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in organizational unit (OU) named OU1.

You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.

You need to add a domain user named User1 to the local Administrators group on Server1.

Solution: From a domain controller, you run the Set-AdComputer cmdlet.

Does this meet the goal?

8. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in organizational unit (OU) named OU1.

You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.

You need to add a domain user named User1 to the local Administrators group on Server1.

Solution: From the Computer Configuration node of GPO1, you configure the Local Users and Groups preference.

Does this meet the goal?

9. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in organizational unit (OU) named OU1.

You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.

You need to add a domain user named User1 to the local Administrators group on Server1.

Solution: From the Computer Configuration node of GPO1, you configure the Account Policies settings.

Does this meet the goal?

10. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1.

You recently restored a backup of the Active Directory database from Server1 to an alternate Location.

The restore operation does not interrupt the Active Directory services on Server1.

You need to make the Active Directory data in the backup accessible by using Lightweight Directory Access Protocol (LDAP).

Which tool should you use?

11. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com.

You need to limit the number of Active Directory Domain Services (AD DS) objects that a user can create in the domain.

Which tool should you use?

12. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2.

You need to ensure that a domain administrator can recover a deleted Active Directory object quickly.

Which tool should you use?

13. You have users that access web applications by using HTTPS. The web applications are located on the servers in your perimeter network. The servers use certificates obtained from an enterprise root certification authority (CA). The certificates are generated by using a custom template named WebApps. The certificate revocation list (CRL) is published to Active Directory.

When users attempt to access the web applications from the Internet, the users report that they receive a revocation warning message in their web browser. The users do not receive the message when they access the web applications from the intranet.

You need to ensure that the warning message is not generated when the users attempt to access the web applications from the Internet.

What should you do?

14. You network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA) named CA1.

You have a test environment that is isolated physically from the corporate network and the Internet.

You deploy a web server to the test environment. On CA1, you duplicate the Web Server template, and you name the template Web_Cert_Test.

For the web server, you need to request a certificate that does not contain the revocation information of CA1.

What should you do first?

15. Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains a server named Server1.

An administrator named Admin01 plans to configure Server1 as a standalone certification authority (CA).

You need to identify to which group Admin01 must be a member to configure Server1 as a standalone CA. The solution must use the principle of least privilege.

To which group should you add Admin01?

16. Your network contains an Active Directory forest named contoso.com. The forest contains several domains.

An administrator named Admin01 installs Windows Server 2016 on a server named Server1 and then joins Server1 to the contoso.com domain.

Admin01 plans to configure Server1 as an enterprise root certification authority (CA).

You need to ensure that Admin01 can configure Server1 as an enterprise CA. The solution must use the principle of least privilege.

To which group should you add Admin01?

17. Your network contains an enterprise root certification authority (CA) named CA1.

Multiple computers on the network successfully enroll for certificates that will expire in one year. The certificates are based on a template named Secure_Computer. The template uses schema version 2.

You need to ensure that new certificates based on Secure_Computer are valid for three years.

What should you do?

18. You deploy a new enterprise certification authority (CA) named CA1.

You plan to issue certificates based on the User certificate template.

You need to ensure that the issued certificates are valid for two years and support autoenrollment.

What should you do first?

19. Your network contains an Active Directory forest named contoso.com. The forest contains three domains named contoso.com, corp.contoso.com, and ext.contoso.com. The forest contains three Active Directory sites named Site1, Site2, and Site3.

You have the three administrators as described in the following table.

You create a Group Policy object (GPO) named GPO1.

Which administrator or administrators can link GPO1 to Site2?

20. Your network contains an Active Directory domain named contoso.com.

The domain contains a Group Policy object (GPO) named GPO1.

You configure the Internet Settings preference in GPO1 as shown in the exhibit. (Click the Exhibit button.)

A user reports that the homepage of Internet Explorer is not set to http://www.contoso.com.

You confirm that the other settings in GPO1 are applied.

You need to configure GPO1 to set the Internet Explorer homepage.

What should you do?

21. You network contains an Active Directory domain named contoso.com. The domain contains 1,000 desktop computers and 500 laptops. An organizational unit (OU) named OU1 contains the computer accounts for the desktop computers and the laptops.

You create a Windows PowerShell script named Script1.ps1 that removes temporary files and cookies. You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.

You need to run the script once weekly only on the laptops.

What should you do?

22. Your network contains an Active Directory domain named contoso.com.

You have an organizational unit (OU) named TestOU that contains test computers.

You need to enable a technician named Tech1 to create Group Policy objects (GPOs) and to link the GPOs to TestOU. The solution must use the principle of least privilege.

Which two actions should you perform? Each correct answer presents part of the solution.

23. Your company recently deployed a new child domain to an Active Directory forest.

You discover that a user modified the Default Domain Policy to configure several Windows components in the child domain.

A company policy states that the Default Domain Policy must be used only to configure domain-wide security settings.

You create a new Group Policy object (GPO) and configure the settings for the Windows components in the new GPO.

You need to restore the Default Domain Policy to the default settings from when the domain was first installed.

What should you do?

24. Your network contains an Active Directory domain named contoso.com.

You have an organizational unit (OU) named OU1 that contains the computer accounts of two servers and the user account of a user named User1. A Group Policy object (GPO) named GPO1 is linked to OU1.

You have an application named App1 that installs by using an application installer named App1.exe.

You need to publish App1 to OU1 by using Group Policy.

What should you do?

25. Your network contains an Active Directory domain named contoso.com.

You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)

You discover that some of the settings configured in the A1 Group Policy object (GPO) fail to apply to the users in the OU1 organizational unit (OU).

You need to ensure that all of the settings in A1 apply to the users in OU1.

What should you do?

26. Your network contains an Active Directory domain named contoso.com.

You have a Group Policy object (GPO) named GPO1. GPO1 is linked to an organizational unit (OU) named OU1.

GPO1 contains several corporate desktop restrictions that apply to all computers.

You plan to deploy a printer to the computers in OU1.

You need to ensure that any user who signs in to a computer that runs Windows 10 in OU1 receives the new printer. All of the computers in OU1 must continue to apply the corporate desktop restrictions from GPO1.

What should you configure?

27. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.

Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.

You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).

You need to use the application control policy settings to prevent several applications from running on the network.

What should you do?

28. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.

Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.

You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).

You need to configure the Documents folder of every user to be stored on a server named FileServer1.

What should you do?

29. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.

Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.

You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).

You need to force users to change their account password at least every 30 days.

What should you do?

30. Note: This question is part of a series of questions that use the same scenario. For you convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario.

You work for a company named Contoso, Ltd.

The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.

The contoso.com forest contains the objects configured as shown in the following table.

Group1 and Group2 contain only user accounts.

Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.

An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.

From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.

An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of [email protected].

End of repeated scenario.

You need to ensure that User2 can add Group4 as a member of Group5.

What should you modify?

31. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario.

You work for a company named Contoso, Ltd.

The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.

The contoso.com forest contains the objects configured as shown in the following table.

Group1 and Group2 contain only user accounts.

Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.

An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.

From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.

An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of [email protected].

End or repeated scenario.

You need to ensure that Admin1 can add Group2 as a member of Group3.

What should you modify?

32. HOTSPOT

Note: This question is part of a series of questions that use the same scenario. For you convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario.

You work for a company named Contoso, Ltd.

The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.

The contoso.com forest contains the objects configured as shown in the following table.

Group1 and Group2 contain only user accounts.

Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.

An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.

From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.

An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of [email protected].

End or repeated scenario.

You need to join Computer3 to the contoso.com domain by using offline domain join.

Which command should you use in the contoso.com domain and on Computer3? To answer, select the appropriate options in the answer area.

33. DRAG DROP

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario.

Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.

The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

End of repeated scenario.

You plan to enforce the GPO link for A6.

Which five GPOs will apply to User1 in sequence when the user signs in to Computer1 after the link is enforced? To answer, move the appropriate GPOs from the list of GPOs to the answer area and arrange them in the correct order.

34. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario.

Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.

The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

End of repeated scenario.

You are evaluating what will occur when you block inheritance on OU4.

Which GPO or GPOs will apply to User1 when the user signs in to Computer1 after block inheritance is configured?

35. DRAG DROP

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario.

Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.

The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

End of repeated scenario.

Which five GPOs will apply to User1 in sequence when the user signs in to Computer1? To answer, move the appropriate GPOs from the list to the answer area and arrange them in the correct order.

36. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario.

Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.

The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

End of repeated scenario.

You are evaluating what will occur when you disable the Group Policy link for A6.

Which GPOs will apply to User2 when the user signs in to Computer1 after the link for A6 is disabled?

37. HOTSPOT

You have a server named Server1 that runs Windows Server 2016. Server1 has the Windows Application Proxy role service installed.

You need to publish Microsoft Exchange ActiveSync services by using the Publish New Application Wizard. The ActiveSync services must use preauthentication.

How should you configure Server1? To answer, select the appropriate options in the answer area.

38. Your network contains an Active Directory forest named contoso.com.

You have an Active Directory Federation Services (AD FS) farm. The farm contains a server named Server1 that runs Windows Server 2012 R2.

You add a server named Server2 to the farm. Server2 runs Windows Server 2016.

You remove Server1 from the farm.

You need to ensure that you can use role separation to manage the farm.

Which cmdlet should you run?

39. Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. Server1 is located in the perimeter network.

You install the Active Directory Federation Services server role on Server1. You create an Active Directory Federation Services (AD FS) farm by using a certificate that has a subject name of sts.contoso.com.

You need to enable certificate authentication from the Internet on Server1.

Which two inbound TCP ports should you open on the firewall? Each correct answer presents part of the solution.

40. You have a server named Server1 that runs Windows Server 2016.

You need to configure Server1 as a Web Application Proxy.

Which server role or role service should you install on Server1?

41. DRAG DROP

You network contains an Active Directory forest. The forest contains an Active Directory Federation Services (AD FS) deployment.

The AD FS deployment contains the following:

* An AD FS server named server1.contoso.com that runs Windows Server 2016

* A Web Application Proxy used to publish AD FS

* A LIPN that uses the contoso.com suffix

* A namespace named adfs.contoso.com

You create a Microsoft Office 365 tenant named contoso.onmicrosoft.com. You use Microsoft Azure Active Directory Connect (AD Connect) to synchronize all of the users and the UPNs from the contoso.com forest to Office 365.

You need to configure federation between Office 365 and the on-premises deployment of Active Directory.

Which three commands should you run in sequence from Server1? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

42. HOTSPOT

You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.

You are publishing an application named App1 that will use Integrated Windows authentication as shown in the following graphic.

Use the drop-down menus to select the answer area choice that completes each statement based on the information presented in the graphic.

43. HOTSPOT

Your network contains an Active Directory forest. The forest contains one domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds all of the operations master roles.

During normal network operations, you run the following commands on DC2:

Move-ADDirectoryServerOperationMasterRole -Identity “DC2” -OperationMasterRole PDCEmulator

Move- ADDirectoryServerOperationMasterRole CIdentity “DC2” -OperationMasterRole RIDMaster

DC1 fails.

You remove DC1 from the network, and then you run the following command:

Move-ADDirectoryServerOperationMasterRole CIdentity “DC2” -OperationMasterRole SchemaMaster

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

44. Your network contains an Active Directory forest named contoso.com

Your company plans to hire 500 temporary employees for a project that will last 90 days.

You create a new user account for each employee. An organizational unit (OU) named Temp contains the user accounts for the employees.

You need to prevent the new users from accessing any of the resources in the domain after 90 days.

What should you do?

45. Your network contains an Active Directory forest. The forest contains two domains named litwarenc.com and contoso.com. The contoso.com domain contains two domains controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is associated to a subnet of 192.168.10.0/24

You discover that LON-DC02 is not a global catalog server.

You need to configure LON-DC02 as a global catalog server.

What should you do?

46. Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2.

You need to secure several high-privilege user accounts to meet the following requirements:

What should you do?

47. HOTSPOT

Your network contains an Active Directory domain named contoso.com.

Some user accounts in the domain have the P.O. Box attribute set.

You plan to remove the value of the P.O. Box attribute for all of the users by using Ldifde.

You have a user named User1 who is located in the Users container.

How should you configure the LDIF file to remove the value of the P.O. Box attribute for User1? To answer, select the appropriate options in the answer area.

48. DRAG DROP

Your company has multiple offices.

The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using DEFAULTIPSITELINK.

The company plans to open a new office. The new office will have a domain controller and 100 client computers.

You install Windows Server 2016 on a member server in the new office. The new server will become a domain controller.

You need to deploy the domain controller to the new office. The solution must ensure that the client computers in the new office will authenticate by using the local domain controller.

Which three actions should you perform next in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

49. Your network contains an Active Directory forest named contoso.com.

A partner company has a forest named fabrikam.com. Each forest contains one domain.

You need to provide access for a group named Research in fabrikam.com to resources in contoso.com. The solution must use the principle of least privilege.

What should you do?

50. HOTSPOT

Your network contains an Active Directory forest named contoso.com.

Your company has a custom application named ERP1. ERP1 uses an Active Directory Lightweight Directory Services (AD LDS) server named Server1 to authenticate users.

You have a member server named Server2 that runs Windows Server 2016. You install the Active Directory Federation Services (AD FS) server role on Server2 and create an AD FS farm.

You need to configure AD FS to authenticate users from the AD LDS server.

Which cmdlets should you run? To answer, select the appropriate options in the answer area.

51. HOTSPOT

You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.

You need to publish Microsoft Exchange Server 2013 services through the Web Application Proxy. The solution must use preauthentication whenever possible.

How should you configure the preauthentication method for each service? To answer, select the appropriate options in the answer area.

52. HOTSPOT

You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.

You publish an application named App1 by using the Web Application Proxy.

You need to change the URL that users use to connect to App1 when they work remotely.

Which command should you run? To answer, select the appropriate options in the answer area.

53. HOTSPOT

You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.

You plan to deploy Remote Desktop Gateway (RD Gateway) services. Clients will connect to the RD Gateway services by using various types of devices including Windows, iOS and Android devices.

You need to publish the RD Gateway services through the Web Application Proxy.

Which command should you run? To answer, select the appropriate options in the answer area.

54. HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. Server2 and Server3 have the DHCP Server role installed and have several DHCP scopes configured. The IPAM server retrieves data from Server2 and Server3.

A domain user named User1 is a member of the groups shown in the following table.

On Server1, you create a security policy for User1. The policy grants the IPAM DHCP Scope Administrator Role with the Global access scope to the user.

Which actions can User1 perform? To answer, select the appropriate options in the answer area.

55. DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

You install IP Address Management (IPAM) on Server1.

You need to manually start discovery of servers that IPAM can manage in contoso.com.

Which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

56. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. IPAM is configured to use the Group Policy based provisioning method. The prefix for the IPAM Group Policy objects (GPOs) is IP.

From Group Policy Management, you manually rename the IPAM GPOs to have a prefix of IPAM.

You need to modify the GPO prefix used by IPAM.

What should you do?

57. DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. Server2 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed.

You need to integrate IPAM and VMM.

Which types of objects should you create on each server? To answer, drag the appropriate object types to the correct servers. Each object type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

58. HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. Server2, Server3, and Server 4 have the DHCP Server role installed. IPAM manages Server2, Server3, and Server4.

A domain user named User1 is a member of the groups shown in the following table.

Which actions can User1 perform? To answer, select the appropriate options in the answer area.

59. HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

You install IP Address Management (IPAM) on Server1. You select the automatic provisioning method, and then you specify a prefix of IPAM1.

You need to configure the environment for automatic IPAM provisioning.

Which cmdlet should you run? To answer, select the appropriate options in the answer area.

60. HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2.

The domain has two users named User1 and User2 and a group named Group1. User1 is the only member of Group1.

Server1 has one IPAM access policy. You edit the access policy as shown in the Policy exhibit. (Click the Exhibit button.)

The DHCP scopes are configured as shown in the Scopes exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

61. HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.

Server1 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed. Server2 has IP Address Management (IPAM) installed.

You create a domain user named User1.

You need to integrate IPAM and VMM. VMM must use the account of User1 to manage IPAM. The solution must use the principle of least privilege.

What should you do on each server? To answer, select the appropriate options in the answer area.

62. HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. IPAM uses a Windows Internal Database.

You install Microsoft SQL Server on Server1.

You plan to move the IPAM database to SQL Server.

You need to create a SQL Server login for the IPAM service account.

For which user should you create the login? To answer, select the appropriate options in the answer area.

63. HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.

Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2.

You create a domain user account named User1.

You need to ensure that User1 can use IPAM to manage DHCP.

Which command should you run on Server1? To answer, select the appropriate options in the answer area.

64. HOTSPOT

Your company has a testing environment that contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. Server1 has IP Address Management (IPAM) installed. IPAM has the following configuration.

The IPAM Overview page from Server Manager is shown in the IPAM Overview exhibit. (Click the Exhibit button.)

The group policy configurations are shown in the GPO exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

65. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.

Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10.

On Server1, you have the following zone configuration.

You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.

Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT).

Does this meet the goal?

66. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You deploy a new Active Directory forest.

You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.

Solution: From Windows PowerShell on a domain controller, you run the Set-KdsConfiguration cmdlet.

Does this meet the goal?

67. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You deploy a new Active Directory forest.

You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.

Solution: You configure Kerberos constrained delegation on the computer account of each domain controller.

Does this meet the goal?

68. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You deploy a new Active Directory forest.

You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.

Solution: You configure Kerberos constrained delegation on the computer account of each member server.

Does this meet the goal?

69. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The Computer account for Server1 is in organizational unit (OU) named OU1.

You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.

You need to add a domain user named user1 to the local Administrators group on Server1.

Solution: From the Computer Configuration node of GPO1, you configure the local Users and Groups preference.

Does this meet the goal?

70. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The Computer account for Server1 is in organizational unit (OU) named OU1.

You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.

You need to add a domain user named user1 to the local Administrators group on Server1.

Solution: From the Computer Configuration node of GPO1, you configure the Restricted Groups settings.

Does this meet the goal?

71. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Web1 that runs Windows Server 2016.

You need to list all the SSL certificates on Web1 that will expire during the next 60 days.

Solution: You run the following command.

Get-ChildItem Cert:LocalMachineTrust |? { $_.NotAfter CIt (Get-Date).AddDays( 60 ) }

Does this meet the goal?

72. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Web1 that runs Windows Server 2016.

You need to list all the SSL certificates on Web1 that will expire during the next 60 days.

Solution: You run the following command.

Does this meet the goal?

73. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Web1 that runs Windows Server 2016.

You need to list all the SSL certificates on Web1 that will expire during the next 60 days.

Solution: You run the following command.

Get-ChildItem Cert:LocalMachineMy |? { $_.NotAfter CIt (Get-Date).AddDays( 60 ) }

Does this meet the goal?

74. Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA) named CA1.

You duplicate the Computer certificate template, and you name the template Cont_Computers.

You need to ensure that all of the certificates issued based on Cont_Computers have a key size of 4,096 bits.

What should you do?

75. Your network contains an Active Directory domain named contoso.com.

Domain users use smart cards to sign in to their client computer.

Some users report that it takes a long time to sign in to their computer and that the logon attempt times out, so they must restart the sign in process.

You discover that the issues to checking the certificate revocation list (CRL) of the smart card certificates.

You need to resolve the issue without diminishing the security of the smart card logons.

What should you do?

76. Your company has a marketing department and a security department.

The network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA).

You have two organizational units (OUs) named MKT_UsersOU and MKT_ComputersOU. MKT_UsersOU contains the user accounts for the users in the marketing department. MKT_ComputersOU contains the computer accounts for the computers in the marketing department.

A Group policy object (GPO) named GPO1 is linked to MKT_UsersOU. A GPO named GPO2 linked to MKT_ComputersOU.

You plan to deploy a web application for the marketing department users. The application will require certificates for authentication.

The security department configures the CA to support the planned deployment.

You need to ensure that the web application can authenticate the marketing department users.

What should you do?

77. Your network contains an Active Directory domain named contoso.com.

You need to create a central store for Group Policy administrator templates.

What should you use?

78. Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 and a domain controller named DC1. Both servers run Windows Server 2016. Server1 is used to perform administrative tasks, including managing Group Polices.

After maintenance is performed on DC1, you open a Group Policy object (GPO) from Server1 as shown in the exhibit.

You need to be able to view all of the Administrative Templates settings in GPO1.

What should you do?

79. HOTSPOT

Your network contains an Active Directory domain named contoso.com.

A user named User1 and a computer named Conputer1 are in an organizational unit OU1. A user named User2 and a computer named Computer 2 are in an OU named OU2.

A Group Policy object (GPO) named GPO1 is linked to the domain. GPO1 contains a user preference that is configured as shown in the Shortcut1 Properties exhibit. (Click the Exhibit button.)

Item-level targeting for the user preference is configured as shown in the Targeting exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

80. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com.

You recently deleted 5,000 objects from the Active Directory database.

You need to reduce the amount of disk space used to store the Active Directory database on a domain controller.

81. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2.

Your company hires a new security administrator to manage sensitive user data.

You create a user account named Security1 for the security administrator.

You need to ensure that the password for Security1 has at least 12 characters and is modified every 10 days. The solution must apply to Security1 only.

Which tool should you use?

82. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2016.

You need to create a snapshot of the Active Directory database on DC1.

Which tool should you use?

83. HOTSPOT

Your network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Federation Services (AD FS) farm.

You install Windows Server 2016 on a server named Server2.

You need to configure Server2 as a node in the federation server farm.

Which cmdlets should you run? To answer, select the appropriate options in the answer area.

84. You have an Active Directory Rights Management Services (AD RMS) server named RMS1.

Multiple documents are protected by using RMS1.

RMS1 fails and cannot be recovered.

You install the AD RMS server role on a new server named RMS2. You restore the AD RMS database from RMS1 to RMS2.

Users report that they fail to open the protected documents and to protect new documents.

You need to ensure that the users can access the protected content.

What should you do?

85. You network contains an Active Directory domain named contoso.com. The domain contains an Active Directory Federation Services (AD FS) server named ADFS1, a Web Application Proxy server named WAP1, and a web server named Web1.

You need to publish a website on Web1 by using the Web Application Proxy. Users will authenticate by using OAuth2 preauthentication.

What should you do first?

86. DRAG DROP

You network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA).

A user named Admin1 is a member of the Domain Admins group.

You need to ensure that you can archive keys on the C

87. You network contains an active Directory domain. The domain contains 20 domain controllers.

You discover that some Group Policy objects (PROs) are not being applied by all the domain controllers.

You need to verify whether GPOs replicate successfully to all the domain controllers.

What should you do?

88. Your network contains an Active Directory domain named contoso.com. The domain contains a user named User1 and an organizational unit (OU) named OU1.

You create a Group Policy object (GPO) named GPO1.

You need to ensure that User1 can link GPO1 to OU1.

What should you do?


 

100% Real MS-302 Exam Dumps
Microsoft 365 Certified MS-100 Exam Dumps
Tags:, , , , ,

Related Posts

About The Author

dumps

From our dumpsbase platform you could search what exams you need then test or practice online by yourself. Download the PDF file if you need directly. Any other questions you can mail [email protected]