Download Identity with Windows Server 2016.70-742.PassLeader.2019-02-07.130q.vcex

Vendor: Microsoft
Exam Code: 70-742
Exam Name: Identity with Windows Server 2016
Date: Feb 07, 2019
File Size: 2 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAM_HUB

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. 
You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights Management Services (AD RMS) deployment. 
Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment. 
You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com. 
Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted publisher domain.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: A
Explanation:
By default, an AD RMS Licensing Server can issue use licenses for only content where it originally issued the publishing license. In some situations, this may not be acceptable. In order to specify a cluster that is allowed to issue use licenses for content protected by a different cluster, the first cluster must be defined as a trusted publishing domain. If content was published by another certification cluster either in your organization, for example, a subsidiary organization in another forest, or in a separate organization, your AD RMS cluster can grant use licenses to users for this content by configuring a Trusted Publishing Domain on your AD RMS cluster. By adding a Trusted Publishing Domain, you set up a trust relationship between your AD RMS cluster and the other certification cluster by importing the Trusted Publishing Certificate of the other cluster. References: https://books.google.co.za/books?id=gjR-BAAAQBAJ&pg=PA397&lpg=PA397&dq=configure+a+partners+forest+as+a+trusted+publishing+domain+-+AD+RMS&source=bl&ots=mohQXTyW9s&sig=NJ7oFHuLYOs72o9EM-yQiIscUW8&hl=en&sa=X&ved=0ahUKEwjuivW24sPbAhWGRMAKHQcEB6EQ6AEIOzAD#v=onepage&q=configure%20a%20partners%20forest%20as%20a%20trusted%20publishing%20domain%20-%20AD%20RMS&f=false
By default, an AD RMS Licensing Server can issue use licenses for only content where it originally issued the publishing license. In some situations, this may not be acceptable. In order to specify a cluster that is allowed to issue use licenses for content protected by a different cluster, the first cluster must be defined as a trusted publishing domain. If content was published by another certification cluster either in your organization, for example, a subsidiary organization in another forest, or in a separate organization, your AD RMS cluster can grant use licenses to users for this content by configuring a Trusted Publishing Domain on your AD RMS cluster. By adding a Trusted Publishing Domain, you set up a trust relationship between your AD RMS cluster and the other certification cluster by importing the Trusted Publishing Certificate of the other cluster. 
References: https://books.google.co.za/books?id=gjR-BAAAQBAJ&pg=PA397&lpg=PA397&dq=configure+a+partners+forest+as+a+trusted+publishing+domain+-+AD+RMS&source=bl&ots=mohQXTyW9s&sig=NJ7oFHuLYOs72o9EM-yQiIscUW8&hl=en&sa=X&ved=0ahUKEwjuivW24sPbAhWGRMAKHQcEB6EQ6AEIOzAD#v=onepage&q=configure%20a%20partners%20forest%20as%20a%20trusted%20publishing%20domain%20-%20AD%20RMS&f=false
Question 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. 
You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights Management Services (AD RMS) deployment. 
Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment. 
You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com. 
Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted user domain.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: B
Explanation:
Contoso would need to be the Trusted User Domain. References: https://books.google.co.za/books?id=gjR-BAAAQBAJ&pg=PA397&lpg=PA397&dq=configure+a+partners+forest+as+a+trusted+publishing+domain+-+AD+RMS&source=bl&ots=mohQXTyW9s&sig=NJ7oFHuLYOs72o9EM-yQiIscUW8&hl=en&sa=X&ved=0ahUKEwjuivW24sPbAhWGRMAKHQcEB6EQ6AEIOzAD#v=onepage&q=configure%20a%20partners%20forest%20as%20a%20trusted%20publishing%20domain%20-%20AD%20RMS&f=false
Contoso would need to be the Trusted User Domain. 
References: https://books.google.co.za/books?id=gjR-BAAAQBAJ&pg=PA397&lpg=PA397&dq=configure+a+partners+forest+as+a+trusted+publishing+domain+-+AD+RMS&source=bl&ots=mohQXTyW9s&sig=NJ7oFHuLYOs72o9EM-yQiIscUW8&hl=en&sa=X&ved=0ahUKEwjuivW24sPbAhWGRMAKHQcEB6EQ6AEIOzAD#v=onepage&q=configure%20a%20partners%20forest%20as%20a%20trusted%20publishing%20domain%20-%20AD%20RMS&f=false
Question 3
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. 
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2. 
Contoso.com has the following configuration. 
PS C:\> (Get-ADForest).ForestMode
Windows2008R2Forest 
PS C:\> (Get-ADDomain).DomainMode
Windows2008R2Domain 
PS C:\>
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration. 
You need to configure Active Directory to support the planned deployment. 
Solution: You upgrade a domain controller to Windows Server 2016.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: A
Explanation:
Device Registration requires Windows Server 2012 R2 forest schema. Upgrading a domain controller will run adprep.exe to upgrade the schema as part of the upgrade process. References:https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/configure-a-federation-server-with-device-registration-servicehttps://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers-to-windows-server-2012-r2-and-windows-server-2012
Device Registration requires Windows Server 2012 R2 forest schema. Upgrading a domain controller will run adprep.exe to upgrade the schema as part of the upgrade process. 
References:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/configure-a-federation-server-with-device-registration-service
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers-to-windows-server-2012-r2-and-windows-server-2012
Question 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. 
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2. 
Contoso.com has the following configuration. 
PS C:\> (Get-ADForest).ForestMode
Windows2008R2Forest 
PS C:\> (Get-ADDomain).DomainMode
Windows2008R2Domain 
PS C:\>
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration. 
You need to configure Active Directory to support the planned deployment. 
Solution: You raise the domain functional level to Windows Server 2012 R2.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: B
Explanation:
Device Registration requires Windows Server 2012 R2 forest schema (not just domain schema). References: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/configure-a-federation-server-with-device-registration-service
Device Registration requires Windows Server 2012 R2 forest schema (not just domain schema). 
References: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/configure-a-federation-server-with-device-registration-service
Question 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. 
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in organizational unit (OU) named OU1. 
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1. 
You need to add a domain user named User1 to the local Administrators group on Server1. 
Solution: From a domain controller, you run the Set-AdComputer cmdlet.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: B
Explanation:
The Set-AdComputer cmdlet modifies an Active Directory computer object. It will not allow you to add a domain user to a local Administrators group. References: https://technet.microsoft.com/es-es/library/hh852268(v=wps.620).aspx
The Set-AdComputer cmdlet modifies an Active Directory computer object. It will not allow you to add a domain user to a local Administrators group. 
References: https://technet.microsoft.com/es-es/library/hh852268(v=wps.620).aspx
Question 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. 
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in organizational unit (OU) named OU1. 
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1. 
You need to add a domain user named User1 to the local Administrators group on Server1. 
Solution: From the Computer Configuration node of GPO1, you configure the Account Policies settings.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: B
Explanation:
Account Lockout Policy settings encapsulates Password Policy, Account Lockout Policy, and Kerberos Policy. It will not allow you to add a domain user to a local Administrators group. References: https://technet.microsoft.com/pt-pt/library/cc757692(v=ws.10).aspx
Account Lockout Policy settings encapsulates Password Policy, Account Lockout Policy, and Kerberos Policy. It will not allow you to add a domain user to a local Administrators group. 
References: https://technet.microsoft.com/pt-pt/library/cc757692(v=ws.10).aspx
Question 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. 
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1. 
You recently restored a backup of the Active Directory database from Server1 to an alternate Location. The restore operation does not interrupt the Active Directory services on Server1. 
You need to make the Active Directory data in the backup accessible by using Lightweight Directory Access Protocol (LDAP). 
Which tool should you use?
  1. Dsadd quota
  2. Dsmod
  3. Active Directory Administrative Center
  4. Dsacls
  5. Dsamain
  6. Active Directory Users and Computers
  7. Ntdsutil
  8. Group Policy Management Console
Correct answer: E
Explanation:
Dsamain.exe, allows an ntds.dit file to be mounted and exposed as an LDAP server, which means you can use such familiar tools as ADSIEdit, LDP.exe, and Active Directory Users and Computers to interact with a mounted database. References:http://www.itprotoday.com/windows-8/using-active-directory-snapshots-and-dsamain-tool
Dsamain.exe, allows an ntds.dit file to be mounted and exposed as an LDAP server, which means you can use such familiar tools as ADSIEdit, LDP.exe, and Active Directory Users and Computers to interact with a mounted database. 
References:
http://www.itprotoday.com/windows-8/using-active-directory-snapshots-and-dsamain-tool
Question 8
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. 
You need to limit the number of Active Directory Domain Services (AD DS) objects that a user can create in the domain. 
Which tool should you use?
  1. Dsadd quota
  2. Dsmod
  3. Active Directory Administrative Center
  4. Dsacls
  5. Dsamain
  6. Active Directory Users and Computers
  7. Ntdsutil
  8. Group Policy Management Console
Correct answer: A
Explanation:
Dsadd quota adds a quota specification to a directory partition. A quota specification determines the maximum number of directory objects that a given security principal can own in a specified directory partition. References: http://www.gatepoint.ch/cmdreferenz/html/669c06bb-d990-4caf-a239-4bc93fb66a10.htm
Dsadd quota adds a quota specification to a directory partition. A quota specification determines the maximum number of directory objects that a given security principal can own in a specified directory partition. 
References: http://www.gatepoint.ch/cmdreferenz/html/669c06bb-d990-4caf-a239-4bc93fb66a10.htm
Question 9
You have users that access web applications by using HTTPS. The web applications are located on the servers in your perimeter network. The servers use certificates obtained from an enterprise root certification authority (CA). The certificates are generated by using a custom template named WebApps. The certificate revocation list (CRL) is published to Active Directory. 
When users attempt to access the web applications from the Internet, the users report that they receive a revocation warning message in their web browser. The users do not receive the message when they access the web applications from the intranet. 
You need to ensure that the warning message is not generated when the users attempt to access the web applications from the Internet. 
What should you do?
  1. Install the Certificate Enrollment Web Service role service on a server in the perimeter network.
  2. Modify the WebApps certificate template, and then issue the certificates used by the web application servers.
  3. Install the Web Application Proxy role service on a server in the perimeter network. Create a publishing point for the CA.
  4. Modify the CRL distribution point, and then reissue the certificates used by the web application servers.
Correct answer: D
Question 10
You network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA) named CA1. 
You have a test environment that is isolated physically from the corporate network and the Internet. 
You deploy a web server to the test environment. On CA1, you duplicate the Web Server template, and you name the template Web_Cert_Test. 
For the web server, you need to request a certificate that does not contain the revocation information of CA1. 
What should you do first?
  1. From the properties of CA1, allow certificates to be published to the file system.
  2. From the properties of CA1, select Restrict enrollment agents, and then add Web_Cert_Test to the restricted enrollment agent.
  3. From the properties of Web_Cert_Test, assign the Enroll permission to the guest account.
  4. From the properties of Web_Cert_Test, set the Compatibility setting of CA1 to Windows Server 2016.
Correct answer: D
Explanation:
The option “Do not include revocation information in issued certificates checkbox” is only available with the compatibility mode set to Windows Server 2008 R2 or later. References: http://techgenix.com/certificate-revocation-checking-test-labs/
The option “Do not include revocation information in issued certificates checkbox” is only available with the compatibility mode set to Windows Server 2008 R2 or later. 
References: http://techgenix.com/certificate-revocation-checking-test-labs/
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!