Exam Deatils

  • Exam Code
    :70-742
  • Exam Name
    :Identity with Windows Server 2016
  • Certification
    :MCSA
  • Vendor
    :Microsoft
  • Total Questions
    :235 Q&As
  • Last Updated
    :Apr 17, 2019

Microsoft MCSA 70-742 Questions & Answers

  • Question 1:

    Your network contains a signle-domin Active Directory forest named contoso.com. The forest functional level is Windows Server 2016. The forest has Dynamic Access Control enabled. The domin contains two domain controllers named DC1 and DC2. Privileged user accounts used to manage Active Directory reside in a group named Contoso\AD_Admins.

    You create an authentication policy named Policy1 and an authentication policy silo named Silo1.

    You need to ensure that the accounts in the Contoso\AD-Admins group can sign in to the domain controllers only. Which three configurations should you perform? Each correction answer presents part of the solution.

    A. Create a managed service account and add the account to permitted Accounts in Silo1.

    B. Add the privileged user accounts and the domain controllers to Permitted Accounts in Silo1.

    C. Create an access control condition in Policy1.

    D. Add the domain controllers to the Contoso\AD_Admins group.

    E. Assign Silo1 to the privileged user accounts and the domain controllers.

  • Question 2:

    Your network contains an Active Directory forest. The forest contains a domain named contoso.com. The domain contains three domain controllers.

    A domain controller named lon-dc1 fails. You are unable to repair lon-dc1.

    You need to prevent the other domain controllers from attempting to replicate to lon-dc1.

    Solution: From Active Directory Domains and Trusts, you transfer the operations master roles from lon-dc1.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 3:

    You have a standalone root certification authority (CA).

    You have a new security policy requirement specifying that any changes to the CA configuration must be logged.

    You need to ensure that the CA meets the new security requirement.

    Which two actions should you perform? Each correct answer presents part of the solution.

    A. From Local Group Policy Editor, configure auditing for policy change.

    B. From Local Group Policy Editor, configure auditing for object access.

    C. From the Certification Authority console, modify the Security settings for the CA.

    D. From the Certification Authority console, modify the Auditing settings for the CA.

    E. From the Certification Authority console, modify the Certificate Managers settings for the CA.

  • Question 4:

    You have an Active Directory Rights Management Services (AD RMS) server named RMS1. Multiple documents are protected by using RMS1.

    RMS1 fails and cannot be recovered.

    You install the AD RMS server role on a new server named RMS2. You restore the AD RMS database from RMS1 to RMS2.

    Users report that they fail to open the protected documents and to protect new documents.

    You need to ensure that the users can access the protected content.

    What should you do?

    A. From Active Directory Rights Management, update the Service Connection Point (SCP) for RMS1.

    B. From DNS, create an alias (CNAME) record for RMS2.

    C. From DNS, modify the service location (SRV) record for RMS1.

    D. From RMS2, register a service principal name (SPN) in Active Directory.

  • Question 5:

    Your network contains an Active Directory domain named contoso.com.

    You plan to deploy a new Active Directory Rights Management Services (AD RMS) cluster on a server named Server1.

    You need to create the AD RMS service account. The solution must use the principle of least privilege

    What should you do?

    A. Create a domain user account and add the account to the Account Operators group in the domain.

    B. Create a local user account on Server1 and add the account to the Administrators group on Server1.

    C. Create a domain user account and add the account to the Domain Users group in the domain.

    D. Create a domain user account and add the account to the Administrators group on Server1.

  • Question 6:

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

    Server1 has IP Address Management (IPAM) installed. IPAM is configured to use the Group Policy based provisioning method. The prefix for the IPAM Group Policy objects (GPOs) is IP.

    From Group Policy Management, you manually rename the IPAM GPOs to have a prefix of IPAM.

    You need to modify the GPO prefix used by IPAM.

    What should you do?

    A. Click Configure server discovery in Server Manager.

    B. Run the Set-IpamConfiguration cmdlet.

    C. Run the Invoke-IpamGpoProvisioning cmdlet.

    D. Click Provision the IPAM server in Server Manager.

  • Question 7:

    Your company recently deployed a new child domain to an Active Directory forest.

    You discover that a user modified the Default Domain Policy to configure several Windows components in the child domain.

    A company policy states that the Default Domain Policy must be used only to configure domain-wide security settings.

    You create a new Group Policy object (GPO) and configure the settings for the Windows components in the new GPO.

    You need to restore the Default Domain Policy to the default settings from when the domain was first installed.

    What should you do?

    A. From Group Policy Management, click Starter GPOs, and then click Manage Backups.

    B. From a command prompt, run the dcgpofix.exe command.

    C. From Windows PowerShell, run the Copy-GPO cmdlet.

    D. Run ntdsutil.exe to perform a metadata cleanup and a semantic database analysis.

  • Question 8:

    Your network contains an Active Directory domain named contoso.com.

    Domain users use smart cards to sign in to their client computer.

    Some users report that it takes a long time to sign in to their computer and that the logon attempt times out, so they must restart the sign in process.

    You discover that the issues to checking the certificate revocation list (CRL) of the smart card certificates.

    You need to resolve the issue without diminishing the security of the smart card logons.

    What should you do?

    A. From the properties of the smart card's certificate template, modify the Request Handling settings.

    B. From the properties of the smart card's certificate template, modify the Issuance Requirements settings.

    C. Deactivate certificate revocation checks on the computers.

    D. Implement an Online Certification Status Protocol (OCSP) responder.

  • Question 9:

    You network contains an Active Directory domain named contoso.com. The domain contains an Active Directory Federation Services (AD FS) server named ADFS1, a Web Application Proxy server named WAP1, and a web server named Web1.

    You need to publish a website on Web1 by using the Web Application Proxy. Users will authenticate by using OAuth2 preauthentication.

    What should you do first?

    A. On Web1, add site bindings.

    B. On Web1, add handler mappings.

    C. On ADFS1, enable an endpoint.

    D. On ADFS1, add a claims provider trust.

  • Question 10:

    Your network contains an Active Directory domain named contoso.com.

    You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)

    You discover that some of the settings configured in the A1 Group Policy object (GPO) fail to apply to the users in the OU1 organizational unit (OU).

    You need to ensure that all of the settings in A1 apply to the users in OU1.

    What should you do?

    A. Enable loopback policy processing in A1.

    B. Block inheritance on OU1.

    C. Modify the policy processing order for OU1.

    D. Modify the GPO Status of A1.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 70-742 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.