Identity with Windows Server 2016 – Microsoft: 70-742 exam. Share the latest 70-742 dumps and Practice test questions for free. Real and effective exam questions and answers. 70-742 pdf online Download, 70-742 YouTube video online learning to improve skills!
Examthings share 30 Practice test questions for FREE!
Get the full 70-742 exam dumps: https://www.leads4pass.com/70-742.html (Total questions:224 Q&A)
[PDF] Free Microsoft MCSA 70-742 pdf dumps download from Google Drive: https://drive.google.com/open?id=1z-4YLX55xHk9HRL327wpY62cc34TvGSa
[PDF] Free Full Microsoft pdf dumps download from Google Drive: https://drive.google.com/open?id=1AwBFPqkvdpJBfxdZ3nGjtkHQZYdBsRVz
Exam 70-742: Identity with Windows Server 2016 – Microsoft: https://www.microsoft.com/en-us/learning/exam-70-742.aspx
Latest effective Microsoft MCSA 70-742 Exam Practice Tests
QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights
Management Services (AD RMS) deployment.
Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam
contains an Active Directory forest named fabrikam.com and an AD RMS deployment.
You need to ensure that the users in contoso.com can access rights protected documents sent by the users in
fabrikam.com.
Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted publisher domain.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
QUESTION 2
A technician named Tech1 is assigned the task of joining the laptops to the domain. The computer accounts of each
laptop must be in an organizational unit (OU) that is associated to the department of the user who will use that laptop.
The
laptop names must start with four characters indicating the department followed by a four-digit number
Tech1 is a member of the Domain Users group only. Tech1 has the administrator logon credentials for all the laptops.
You need Tech1 to join the laptops to the domain. The solution must ensure that the laptops are named correctly, and
that the computer accounts of the laptops are in the correct OUs.
Solution: You instruct Tech1 to sign in to each laptop, to rename each laptop by using System in Control Panel, and
then to join each laptop to the domain by using the Netdom join command.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
QUESTION 3
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen. You have a server named Web1 that runs Windows Server 2016.
You need to list all the SSL certificates on Web1 that will expire during the next 60 days.
Solution: You run the following command.
Get-ChildItem Cert:\LocalMachine\Trust |? { $_.NotAfter –It (Get-Date).AddDays( 60 ) }
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
QUESTION 4
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named TestOU that contains test computers.
You need to enable a technician named Tech1 to create Group Policy objects (GPOs) and to link the GPOs to TestOU.
The solution must use the principle of least privilege.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Add Tech1 to the Group Policy Creator Owners group.
B. From Group Policy Management, modify the Delegation settings of the TestOU OU.
C. Add Tech1 to the Protected Users group.
D. From Group Policy Management, modify the Delegation settings of the contoso.com container.
E. Create a new universal security group and add Tech1 to the group.
Correct Answer: AB
QUESTION 5
You have a server named Server1 that runs Windows Server 2016.
You need to configure Server1 as a Web Application Proxy.
Which server role or role service should you install on Server1?
A. Remote Access
B. Active Directory Federation Services
C. Web Server (IIS)
D. DirectAccess and VPN (RAS)
E. Network Policy and Access Services
Correct Answer: A
QUESTION 6
Your network contains an Active Directory domain named contoso.com.
You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)You discover that some of the settings configured in the A1 Group Policy object (GPO) fail to apply to the users in the
OU1 organizational unit (OU).
You need to ensure that all of the settings in A1 apply to the users in OU1.
What should you do?
A. Enable loopback policy processing in A1.
B. Block inheritance on OU1.
C. Modify the policy processing order for OU1.
D. Modify the GPO Status of A1.
Correct Answer: C
QUESTION 7
Your network contains an Active Directory domain named contoso.com,
All users are in an organizational unit (OU) named Corp_Users.
You plan to modify the description of all the users who have a string of 514 in their mobile phone number.
You need to view a list of the users that will be modified.
What should you run?
A. Get-APUser-Filter “mobilePhone-Like \\’*514*\\'”
B. Get-ADOrganizationalUnit-LDAPFilter “(mobilePhone=\\’*514*\\’)”
C. Get-ADOrganizationalUnit-Filter “mobilePhone-Like \\’*514* “\\’
D. Get-ADUser-LDAPFilter “(mobilePhone=\\’*514*)”
Correct Answer: A
QUESTION 8
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named OU1 that contains the computer accounts of two servers and the user
account of a user named User1. A Group Policy object (GPO) named GPO1 is linked to OU1.
You have an application named App1 that installs by using an application installer named App1.exe.
You need to publish App1 to OU1 by using Group Policy.
What should you do?
A. Create a Config.zap file and add a file to the File System node to the Computer Configuration node of GPO1.
B. Create a Config.xml file and add a software installation package to the User Configuration node of GPO1.
C. Create a Config.zap file and add a software installation package to the User Configuration node of GPO1.
D. Create a Config.xml file and add a software installation package to the Computer Configuration node of GPO1.
Correct Answer: C
QUESTION 9
The network contains an Active Directory forest named contoso.com.
The forest contains three domain controllers configured as shown in the following table.
The company physically relocates Server2 from the Montreal office to the Seattle office.
You discover that both Server1 and Server2 authenticate users who sign in to the client computers in the Montreal
office. Only Server3 authenticates users who sign in to the computers in the Seattle office.
You need to ensure that Server2 authenticates the users in the Seattle office during normal network operations.
What should you do?
A. From Windows PowerShell, run the Set-ADReplicationSite cmdlet.
B. From Active Directory Users and Computers, modify the Location Property of Server2.
C. From Network Connections on Server2, modify the Internet Protocol Version 4 (TCP/IPv4) configuration.
D. From Windows PowerShell, run the Move-ADDirectoryServer cmdlet.
Correct Answer: A
QUESTION 10
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is
repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is
exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1.
All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit.
(Click the Exhibit button.)
The relevant users and client computer in the domain are configured as shown in the following table.
End of repeated scenario.
You are evaluating what will occur when you set User Group Policy loopback processing mode to Replace in A7.
Which GPO or GPOs will apply to User2 when the user signs in to Computer1 after loopback processing is configured?
A. A1 and A7 only
B. A3. Al, A5, A6, and A7
C. A3, A5, A1, and A7 only
D. A7 only
Correct Answer: D
QUESTION 11
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain
controller (RODC) named R0DC1.
You need to retrieve a list of accounts that have their password cached on RODC1. Which command should you run?
A. netdom.exe
B. ntdsutil.exe
C. repadmin.exe
D. dcdiag.exe
Correct Answer: C
Explanation: https://technet.microsoft.com/en-us/library/rodc-guidance-for-administering- the-password-replication-
policy(v=ws.10).aspx
QUESTION 12
Your network contains two Active Directory forests named fabrikam.com and contoso.com.
Each forest contains a single domain
Contoso.com has a Group Policy object (GPO) named Cont_GPO1.
You need to apply the settings from Cont_GPO1 to the computers in fabrikam.com.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Back up Cont_GP01. In fabrikam.com, create and link a new GPO by using the Group Policy Management Console
(GPMC), and then run the Import Settings Wizard.
B. Back up Cont_GP01. In fabrikam.com, run the Restore-GPO cmdlet, and then run the New-GPLink cmdlet.
C. Copy \\contoso.com\SysVol\contoso.com\Policies to \\fabrikam.com\SysVol\fabrikam.com\Policies. In fabrikam.com,
run the New-GPLink cmdlet.
D. Back up Cont_GP01. In fabrikam.com, create and link a new GPO by using the Group Policy Management Console
(GPMC), and then run the Restore Group Policy Object Wizard.
Correct Answer: AD
QUESTION 13
Your network contains an Active Directory domain named contoso.com. You discover that users can use passwords
that contain only numbers.
You need to ensure that all the user passwords in the domain contain at least three of the following types of characters:
Numbers
Uppercase letters
Lowercase letters
Special characters
What should you do?
A. the Default Domain Policy
B. the local policy on each client computer
C. the Default Domain Controllers Policy
D. the local policy on each domain controller
Correct Answer: B
QUESTION 14
Your network contains an Active Directory forest. The forest contains a domain named contoso.com. The domain
contains three domain controllers.
A domain controller named lon-dc1 fails. You are unable to repair lon-dc1.
You need to prevent the other domain controllers from attempting to replicate to lon-dc1.
Solution: From Active Directory Users and Computers, you remove the computer account of lon-dc1.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
QUESTION 15
You deploy a new certification authority (CA) to a server that runs Windows Server 2016.
You need to configure the CA to support recovery of certificates. What should you do first?
A. Modify the Recovery Agents settings from the properties of the CA.
B. Assign the Request Certificates permission to the user account that will be responsible for recovering certificates.
C. Configure the Key Recovery Agent template as a certificate template to issue.
D. Modify the extensions of the OCSP Response Signing template.
Correct Answer: A
QUESTION 16
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1
that runs Windows Server 2016. On Server1, you create a local user named User1. User1 is a member of the local
Administrators group. Server1 has the following local Group Policies: K
Local Computer Policy
Local Computer\User1Policy
Local Computer\Administrators Policy
You need to force User1 to change his password every 14 days.
Solution: You configure the Password Policy settings in a Group Policy object (GPO) that is linked to the Domain
Controllers organizational unit (OU).
A.
Yes
B. No
Correct Answer: B
QUESTION 17
Your network contains an Active Directory forest named contoso.com. The forest contains 10 domains.
The root domain contains a global catalog server named DC1.
You remove the global catalog server role from DC1.
You need to decrease the size of the Active Directory database on DC1.
Solution: You restart DC1 in Directory Services Repair Mode. You run compact.exe, and then restart DC1.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
QUESTION 18
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights
Management Services (AD RMS) deployment.
Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam
contains an Active Directory forest named fabrikam.com and an AD RMS deployment.
You need to ensure that the users in contoso.com can access rights protected documents sent by the users in
fabrikam.com.
Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted user domain.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Contoso would need to be the Trusted User Domain.
QUESTION 19
Your network contains a signle-domin Active Directory forest named contoso.com. The forest functional level is
Windows Server 2016. The forest has Dynamic Access Control enabled. The domin contains two domain controllers
named DC1 and DC2. Privileged user accounts used to manage Active Directory reside in a group named
Contoso\AD_Admins.
You create an authentication policy named Policy1 and an authentication policy silo named Silo1.
You need to ensure that the accounts in the Contoso\AD-Admins group can sign in to the domain controllers only.
Which three configurations should you perform? Each correction answer presents part of the solution.
A. Create a managed service account and add the account to permitted Accounts in Silo1.
B. Add the privileged user accounts and the domain controllers to Permitted Accounts in Silo1.
C. Create an access control condition in Policy1.
D. Add the domain controllers to the Contoso\AD_Admins group.
E. Assign Silo1 to the privileged user accounts and the domain controllers.
Correct Answer: CDE
QUESTION 20
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1
that runs Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. IPAM is configured to use the Group Policy based provisioning
method. The prefix for the IPAM Group Policy objects (GPOs) is IP.
From Group Policy Management, you manually rename the IPAM GPOs to have a prefix of IPAM.
You need to modify the GPO prefix used by IPAM.
What should you do?
A. Click Configure server discovery in Server Manager.
B. Run the Set-IpamConfiguration cmdlet.
C. Run the Invoke-IpamGpoProvisioning cmdlet.
D. Click Provision the IPAM server in Server Manager.
Correct Answer: B
The Set-IpamConfiguration cmdlet modifies the configuration for the computer that runs the IPAM server. The
-GpoPrefix parameter specifies the unique Group Policy object (GPO) prefix name that IPAM uses to create the group
policy objects. Use this parameter only when the value of the ProvisioningMethod parameter is set to Automatic.
References: https://technet.microsoft.com/en-us/library/jj590816.aspx
QUESTION 21
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named
Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration.
PS C:\> (Get-ADForest).ForestMode
Windows2008R2Forest
PS C:\> (Get-ADDomain).DomainMode
Windows2008R2Domain
PS C:\>
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device
registration.
You need to configure Active Directory to support the planned deployment.
Solution: You raise the domain functional level to Windows Server 2012 R2.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Device Registration requires Windows Server 2012 R2 forest schema (not just domain schema).
QUESTION 22
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is
repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is
exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an
Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3
that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com
domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a
user logon name of [email protected].
End or repeated scenario.
You need to ensure that Admin1 can add Group2 as a member of Group3.
What should you modify?
A. Modify the Security settings of Group3.
B. Modify the group scope of Group3.
C. Modify the group type of Group3.
D. Set Admin1 as the manager of Group3.
Correct Answer: B
QUESTION 23
Your network contains an Active Directory domain named contoso.com.
You have a Group Policy object (GPO) named GPO1. GPO1 is linked to an organizational unit (OU) named OU1.
GPO1 contains several corporate desktop restrictions that apply to all computers.
You plan to deploy a printer to the computers in OU1.
You need to ensure that any user who signs in to a computer that runs Windows 10 in OU1 receives the new printer. All
of the computers in OU1 must continue to apply the corporate desktop restrictions from GPO1.
What should you configure?
A. a user preference and a WMI filter on GPO1.
B. a computer preference that uses item-level targeting
C. a computer preference and WMI filter on GPO1
D. a user preference that uses item-level targeting
Correct Answer: D
QUESTION 24
A technician named Tech1 is assigned the task of joining the laptops to the domain. The computer accounts of each
laptop must be in an organizational unit (OU) that is associated to the department of the user who will use that laptop.
The
laptop names must start with four characters indicating the department followed by a four-digit number
Tech1 is a member of the Domain Users group only. Tech1 has the administrator logon credentials for all the laptops.
You need Tech1 to join the laptops to the domain. The solution must ensure that the laptops are named correctly, and
that the computer accounts of the laptops are in the correct OUs.
Solution: You script the creation of files for an offline domain join, and then you give the files to Tech1.
You instruct Tech1 to sign in to each laptop, and then to run djoin.exe.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
QUESTION 25
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is
repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is
exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1.
All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit.
(Click the Exhibit button.)
The relevant users and client computer in the domain are configured as shown in the following table.
End of repeated scenario.
You are evaluating what will occur when you disable the Group Policy link for A6. Which GPOs will apply to User2 when
the user signs in to Computer1 after the link for A6 is disabled?
A. A1 and A5 only
B. A3, A1, and A5 only
C. A3, A1, A5, and A4 only
D. A3, A1, A5, and A7
Correct Answer: D
QUESTION 26
You network contains an active Directory domain. The domain contains 20 domain controllers.
You discover that some Group Policy objects (PROs) are not being applied by all the domain controllers.
You need to verify whether GPOs replicate successfully to all the domain controllers.
What should you do?
A. Set BurFlags in the registry, and then restart the File Replication Service (FRS). Run dcdiag.exe for each domain
controller.
B. Set BurFlags in the registry, and then restart the File Replication Service (FRS). View the Directory Service event
log.
C. From Group Policy Management, view the Status tab for the domain.
D. Run repadmin.exe for each GPO.
Correct Answer: D
QUESTION 27
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named
Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com
namespace.
Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table
(NRPT).
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
The NRPT stores configurations and settings that are used to deploy DNS Security Extensions (DNSSEC), and also
stores information related to DirectAccess, a remote access technology.
Note: The Name Resolution Policy Table (NRPT) is a new feature available in Windows Server 2008 R2. The NRPT is a
table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces. When
performing DNS name resolution, the DNS Client service checks the NRPT before sending a DNS query. If a DNS
query or response matches an entry in the NRPT, it is handled according to settings in the policy. Queries and
responses that do not match an NRPT entry are processed normally.
References: https://technet.microsoft.com/en-us/library/ee649207(v=ws.10).aspx
QUESTION 28
Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification
authority (CA) named CA1.
You duplicate the Computer certificate template, and you name the template Cont_Computers.
You need to ensure that all of the certificates issued based on Cont_Computers have a key size of 4,096 bits.
What should you do?
A. From the properties of CA1, modify the Security settings.
B. From the properties of CA1, modify the Request Handling settings.
C. From the properties of the Computer template, modify the Key Attestation settings.
D. From the properties of Cont_Computers, modify the Cryptography settings.
Correct Answer: C
QUESTION 29
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1
that runs Windows Server 2016. The Computer account for Server1 is in organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
You need to add a domain user named user1 to the local Administrators group on Server1.
Solution: From the Computer Configuration node of GPO1, you configure the local Users and Groups preference.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
QUESTION 30
Your network contains an Active Directory domain named contoso.com. The domain contains a user named User1 and
an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1.
You need to ensure that User1 can link GPO1 to OU1.
What should you do?
A. Modify the security setting of User1.
B. Add User1 to the Group Policy Creator Owner group.
C. Modify the security setting of OU1.
D. Modify the security setting of GPO1.
Correct Answer: D
We offer more ways to make it easier for everyone to learn, and YouTube is the best tool in the video. Follow channels: https://www.youtube.com/@lead4pass116 get more useful exam content.
Latest Microsoft MCSA 70-742 YouTube videos:
Share 30 of the latest and effective 70-742 exam dumps and Practice test questions for free, 100% real and effective exam questions and answers! Get the full 70-742 dumps:https://www.leads4pass.com/70-742.html
(Total questions:224 Q&A)
[PDF] Free Microsoft MCSA 70-742 pdf dumps download from Google Drive: https://drive.google.com/open?id=1z-4YLX55xHk9HRL327wpY62cc34TvGSa
[PDF] Free Full Microsoft pdf dumps download from Google Drive: https://drive.google.com/open?id=1AwBFPqkvdpJBfxdZ3nGjtkHQZYdBsRVz
leads4pass Promo Code 12% Off
related cisco 210-451 dumps: https://www.examscode.com/new-cisco-210-451-dumps/