70-742 Exam
Tips to Pass 70-742 Exam (21 to 28)
Master the 70-742 Identity with Windows Server 2021 content and be ready for exam day success quickly with this Examcollection 70-742 exams. We guarantee it!We make it a reality and give you real 70-742 questions in our Microsoft 70-742 braindumps.Latest 100% VALID Microsoft 70-742 Exam Questions Dumps at below page. You can use our Microsoft 70-742 braindumps and pass your exam.
Q21. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2.
You need to ensure that a domain administrator can recover a deleted Active Directory object quickly.
Which tool should you use?
A. Dsadd quota
B. Dsmod
C. Active Directory Administrative Center
D. Dsacls
E. Dsamain
F. Active Directory Users and Computers
G. Ntdsutil
H. Group Policy Management Console
Answer: C
Q22. You have users that access web applications by using HTTPS. The web applications are located on the servers in your perimeter network. The servers use certificates obtained from an enterprise root certification authority (CA). The certificates are generated by using a custom template named WebApps. The certificate revocation list (CRL) is published to Active Directory.
When users attempt to access the web applications from the Internet, the users report that they receive a revocation warning message in their web browser. The users do not receive the message when they access the web applications from the intranet.
You need to ensure that the warning message is not generated when the users attempt to access the web applications from the Internet.
What should you do?
A. Install the Certificate Enrollment Web Service role service on a server in the perimeter network.
B. Modify the WebApps certificate template, and then issue the certificates used by the web application servers.
C. Install the Web Application Proxy role service on a server in the perimeter network. Create a publishing point for the CA.
D. Modify the CRL distribution point, and then reissue the certificates used by the web application servers.
Answer: C
Q23. Your network contains an Active Directory forest named contoso.com.
A partner company has a forest named fabrikam.com. Each forest contains one domain. You need to provide access for a group named Research in fabrikam.com to resources in
contoso.com. The solution must use the principle of least privilege. What should you do?
A. Create an external trust from fabrikam.com to contoso.com. Enable Active Directory split permissions in fabrikam.com.
B. Create an external trust from contoso.com to fabrikam.com. Enable Active Directory split permissions in contoso.com.
C. Create a one-way forest trust from contoso.com to fabrikam.com that uses selective authentication.
D. Create a one-way forest trust from fabrikam.com to contoso.com that uses selective authentication.
Answer: C
Q24. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights Management Services (AD RMS) deployment.
Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment.
You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com.
Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted publisher domain.
Does this meet the goal?
A. Yes
B. No
Answer: A
Q25. HOTSPOT
Note: This question is part of a series of questions that use the same scenario. For you convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.
Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of User1@litwareinc.com.
End or repeated scenario.
You need to join Computer3 to the contoso.com domain by using offline domain join. Which command should you use in the contoso.com domain and on Computer3? To
answer, select the appropriate options in the answer area.
Answer:
Q26. Your network contains an Active Directory forest named contoso.com. The forest contains several domains.
An administrator named Admin01 installs Windows Server 2021 on a server named Server1 and then joins Server1 to the contoso.com domain.
Admin01 plans to configure Server1 as an enterprise root certification authority (CA).
You need to ensure that Admin01 can configure Server1 as an enterprise CA. The solution must use the principle of least privilege.
To which group should you add Admin01?
A. Server Operators in the contoso.com domain
B. Cert Publishers on Server1
C. Enterprise Key Admins in the contoso.com domain
D. Enterprise Admins in the contoso.com domain.
Answer: D
Q27. HOTSPOT
Note: This question is part of a series of questions that use the same scenario. For you convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.
Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of User1@litwareinc.com.
End or repeated scenario.
You need to join Computer3 to the contoso.com domain by using offline domain join. Which command should you use in the contoso.com domain and on Computer3? To
answer, select the appropriate options in the answer area.
Answer:
Q28. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.
You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).
You need to use the application control policy settings to prevent several applications from running on the network.
What should you do?
A. From the Computer Configuration node of DCPolicy, modify Security Settings.
B. From the Computer Configuration node of DomainPolicy, modify Security Settings.
C. From the Computer Configuration node of DomainPolicy, modify Administrative Templates.
D. From the User Configuration node of DCPolicy, modify Security Settings.
E. From the User Configuration node of DomainPolicy, modify Folder Redirection.
F. From user Configuration node of DomainPolicy, modify Administrative Templates.
G. From Preferences in the User Configuration node of DomainPolicy, modify Windows Settings.
H. From Preferences in the Computer Configuration node of DomainPolicy, modify Windows Settings.
Answer: B