Microsoft 70-742 Actual Free Exam Questions & Community Discussion
Your network contains the Active Directory forests and domains shown in the following table.
A two-way forest trust exists between ForestA and ForestB.
Each domain in forestB contains user accounts that are used to manage servers.
You need to ensure that the user accounts used to manage the servers in forestB are members of the Server Operators groups in ForestA.
Solution: In DomainBRoot, you add the users to the Operator groups. You modify te membership of the Server Operators in ForestA.
Does this meet the goal?
A two-way forest trust exists between ForestA and ForestB.
Each domain in forestB contains user accounts that are used to manage servers.
You need to ensure that the user accounts used to manage the servers in forestB are members of the Server Operators groups in ForestA.
Solution: In DomainBRoot, you add the users to the Operator groups. You modify te membership of the Server Operators in ForestA.
Does this meet the goal?
Correct Answer: A
Vote an answer
You have an enterprise certification authority (CA).
You create a global security group named Group1.
You need to provide members of Group1 with the ability to issue and manage certificates. The solution must prevent the Group1 members from managing certificates requested by members of the Domain Admins group.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You create a global security group named Group1.
You need to provide members of Group1 with the ability to issue and manage certificates. The solution must prevent the Group1 members from managing certificates requested by members of the Domain Admins group.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer: B,E
Vote an answer
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2.
You create a domain user account named User1.
You need to ensure that User1 can use IPAM to manage DHCP.
Which command should you run on Server1? To answer, select the appropriate options in the answer area.
Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2.
You create a domain user account named User1.
You need to ensure that User1 can use IPAM to manage DHCP.
Which command should you run on Server1? To answer, select the appropriate options in the answer area.
Correct Answer:
Explanation
Your network contains an Active Directory forest. The forest contains one domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds all of the operations master roles.
During normal network operations, you run the following commands on DC2:
Move-ADDirectoryServerOperationMasterRole -Identity "DC2" -OperationMasterRole PDCEmulator Move- ADDirectoryServerOperationMasterRole -Identity "DC2" -OperationMasterRole RIDMaster DC1 fails.
You remove DC1 from the network, and then you run the following command:
Move-ADDirectoryServerOperationMasterRole -Identity "DC2" -OperationMasterRole SchemaMaster For each of the following statements, select Yes if the statement is true. Otherwise, select No.
During normal network operations, you run the following commands on DC2:
Move-ADDirectoryServerOperationMasterRole -Identity "DC2" -OperationMasterRole PDCEmulator Move- ADDirectoryServerOperationMasterRole -Identity "DC2" -OperationMasterRole RIDMaster DC1 fails.
You remove DC1 from the network, and then you run the following command:
Move-ADDirectoryServerOperationMasterRole -Identity "DC2" -OperationMasterRole SchemaMaster For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Correct Answer:
Explanation
Your network contains an Active Directory forest named contoso.com. The forest contains the root domain and two child domains named childl.contoso.com and child2.contoso.com. Child1 contains three domain controllers named DC1, DC2, and DC3. Child2 contains one domain controller named You have two accounts named Child1\Admin1 and Child2\Admin2 that you use to perform administrative tasks. Currently, the accounts can manage only the member servers in their respective domain.
You plan to demote DC3 and to remove the Child2 domain.
You need to ensure that Admin1 can demote DC3 and that Admtn2 can demote DC4. The solution must use the principle of least privilege.
To which groups should you add Admin1 and Admin2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You plan to demote DC3 and to remove the Child2 domain.
You need to ensure that Admin1 can demote DC3 and that Admtn2 can demote DC4. The solution must use the principle of least privilege.
To which groups should you add Admin1 and Admin2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation
References:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-and-domai
Your network contains an Active Directory domain named contoso.com. The domain contains an administrative workstation named WKS1 that runs Windows 10.
You have a Group Policy object (GPO) named GPO1.
You download a custom administrative template that contains the following files:
You need to ensure that you can configure GPO1 by using the settings in the new administrative template.
To where should you copy each file? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Group Policy object (GPO) named GPO1.
You download a custom administrative template that contains the following files:
You need to ensure that you can configure GPO1 by using the settings in the new administrative template.
To where should you copy each file? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation
References:
https://support.microsoft.com/en-us/help/918239/how-to-write-custom-adm-and-admx-administrative-template-f
Your network contains an Active Directory domain named contoso.com.
You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)
You discover that some of the settings configured in the A1 Group Policy object (GPO) fail to apply to the users in the OU1 organizational unit (OU). You need to ensure that all of the settings in A1 apply to the users in OU1.
What should you do?
You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)
You discover that some of the settings configured in the A1 Group Policy object (GPO) fail to apply to the users in the OU1 organizational unit (OU). You need to ensure that all of the settings in A1 apply to the users in OU1.
What should you do?
Correct Answer: A
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise root certification authority (CA) on a server that runs Windows Server
2016.
You need to configure the CA to support Online Certificate Status Protocol (OCSP) responders.
Which two actions should you perform? Each correct selection presents part of the solution.
NOTE: Each correct selection is worth one point.
The domain contains an enterprise root certification authority (CA) on a server that runs Windows Server
2016.
You need to configure the CA to support Online Certificate Status Protocol (OCSP) responders.
Which two actions should you perform? Each correct selection presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer: B,D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Your network contains an Active Directory domain named contoso.com. The domain contains 10 servers that run Windows Server 2016. The computer accounts of the servers are in an organizational unit (OU) named OU1.
You create a global group named Server Admins.
You need to ensure that the members of Server Admins can stop and start the Server service on the servers in OU1. The solution must use the principle of least privilege.
What should you do?
You create a global group named Server Admins.
You need to ensure that the members of Server Admins can stop and start the Server service on the servers in OU1. The solution must use the principle of least privilege.
What should you do?
Correct Answer: C
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. IPAM is configured to use the Group Policy based provisioning method. The prefix for the IPAM Group Policy objects (GPOs) is IP.
From Group Policy Management, you manually rename the IPAM GPOs to have a prefix of IPAM.
You need to modify the GPO prefix used by IPAM.
What should you do?
Server1 has IP Address Management (IPAM) installed. IPAM is configured to use the Group Policy based provisioning method. The prefix for the IPAM Group Policy objects (GPOs) is IP.
From Group Policy Management, you manually rename the IPAM GPOs to have a prefix of IPAM.
You need to modify the GPO prefix used by IPAM.
What should you do?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
On Server1, you create a local user named User1. User1 is a member of the local Administrators group.
Server1 has the following local Group Policies: K
* Local Computer Policy
* Local Computer\User1Policy
* Local Computer\Administrators Policy
You need to force User1 to change his password every 14 days.
Solution: You configure the Password Policy settings in a Group Policy object (GPO) that is linked to the Domain Controllers organizational unit (OU).
On Server1, you create a local user named User1. User1 is a member of the local Administrators group.
Server1 has the following local Group Policies: K
* Local Computer Policy
* Local Computer\User1Policy
* Local Computer\Administrators Policy
You need to force User1 to change his password every 14 days.
Solution: You configure the Password Policy settings in a Group Policy object (GPO) that is linked to the Domain Controllers organizational unit (OU).
Correct Answer: B
Vote an answer
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1. Server1 has several line-of-business applications. Each application runs as a service that uses the Network Service account. You need to configure the line-of-business applications to run by using a virtual account. What should you do?
Correct Answer: A
Vote an answer
Note: This question is part of a series of questions that use the same scenario. For you convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.
Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of [email protected].
End of repeated scenario.
You need to ensure that User2 can add Group4 as a member of Group5.
What should you modify?
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.
Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of [email protected].
End of repeated scenario.
You need to ensure that User2 can add Group4 as a member of Group5.
What should you modify?
Correct Answer: D
Vote an answer
0
0
0
10