• Home
• Microsoft
• 70-742 : Identity with Windows Server 2016

70-742 prep（11 to 20） for IT engineers: Nov 2021 Edition

---

Actualtests offers free demo for 70-742 exam. "Identity with Windows Server 2021", also known as 70-742 exam, is a Microsoft Certification. This set of posts, Passing the Microsoft 70-742 exam, will help you answer those questions. The 70-742 Questions & Answers covers all the knowledge points of the real exam. 100% real Microsoft 70-742 exams and revised by experts!

Q11. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights Management Services (AD RMS) deployment.

Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment.

You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com.

Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted user domain.

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation:

Contoso would need to be the Trusted User Domain.

             

20. Your network contains an Active Directory domain named contoso.com.

You have a Group Policy object (GPO) named GPO1. GPO1 is linked to an organizational unit (OU) named OU1.

GPO1 contains several corporate desktop restrictions that apply to all computers. You plan to deploy a printer to the computers in OU1.

You need to ensure that any user who signs in to a computer that runs Windows 10 in OU1 receives the new printer. All of the computers in OU1 must continue to apply the corporate desktop restrictions from GPO1.

What should you configure?

A. a user preference and a WMI filter on GPO1.

B. a computer preference that uses item-level targeting

C. a computer preference and WMI filter on GPO1

D. a user preference that uses item-level targeting

Answer: D

Q12. HOTSPOT

You have a server named Server1 that runs Windows Server 2021. Server1 has the Web Application Proxy role service installed.

You are publishing an application named App1 that will use Integrated Windows authentication as shown in the following graphic.

Use the drop-down menus to select the answer area choice that completes each statement based on the information presented in the graphic.

Answer:

Q13. Your company recently deployed a new child domain to an Active Directory forest.

You discover that a user modified the Default Domain Policy to configure several Windows components in the child domain.

A company policy states that the Default Domain Policy must be used only to configure domain-wide security settings.

You create a new Group Policy object (GPO) and configure the settings for the Windows components in the new GPO.

You need to restore the Default Domain Policy to the default settings from when the domain was first installed.

What should you do?

A. From Group Policy Management, click Starter GPOs, and then click Manage Backups.

B. From a command prompt, run the dcgpofix.exe command.

C. From Windows PowerShell, run the Copy-GPO cmdlet.

D. Run ntdsutil.exe to perform a metadata cleanup and a semantic database analysis.

Answer: B

Q14. Your network contains an Active Directory forest named contoso.com.

A partner company has a forest named fabrikam.com. Each forest contains one domain. You need to provide access for a group named Research in fabrikam.com to resources in

contoso.com. The solution must use the principle of least privilege. What should you do?

A. Create an external trust from fabrikam.com to contoso.com. Enable Active Directory split permissions in fabrikam.com.

B. Create an external trust from contoso.com to fabrikam.com. Enable Active Directory split permissions in contoso.com.

C. Create a one-way forest trust from contoso.com to fabrikam.com that uses selective authentication.

D. Create a one-way forest trust from fabrikam.com to contoso.com that uses selective authentication.

Answer: C

Q15. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario.

You work for a company named Contoso, Ltd.

The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.

The contoso.com forest contains the objects configured as shown in the following table.

Group1 and Group2 contain only user accounts.

Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.

An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.

From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.

An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of User1@litwareinc.com.

End or repeated scenario.

You need to ensure that Admin1 can add Group2 as a member of Group3. What should you modify?

A. Modify the Security settings of Group3.

B. Modify the group scope of Group3.

C. Modify the group type of Group3.

D. Set Admin1 as the manager of Group3.

Answer: B

Q16. DRAG DROP

You network contains an Active Directory forest. The forest contains an Active Directory Federation Services (AD FS) deployment.

The AD FS deployment contains the following:

You create a Microsoft Office 365 tenant named contoso.onmicrosoft.com. You use Microsoft Azure Active Directory Connect (AD Connect) to synchronize all of the users and the UPNs from the contoso.com forest to Office 365.

You need to configure federation between Office 365 and the on-premises deployment of Active Directory.

Which three commands should you run in sequence from Server1? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

Answer:

Q17. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2021. The computer account for Server1 is in organizational unit (OU) named OU1.

You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.

You need to add a domain user named User1 to the local Administrators group on Server1. Solution: From the Computer Configuration node of GPO1, you configure the Account

Policies settings.

Does this meet the goal?

A. Yes

B. No

Answer: B

Q18. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights Management Services (AD RMS) deployment.

Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment.

You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com.

Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted user domain.

Does this meet the goal?

A. Yes

B. No

Answer: B

Explanation:

Contoso would need to be the Trusted User Domain.

             

20. Your network contains an Active Directory domain named contoso.com.

You have a Group Policy object (GPO) named GPO1. GPO1 is linked to an organizational unit (OU) named OU1.

GPO1 contains several corporate desktop restrictions that apply to all computers. You plan to deploy a printer to the computers in OU1.

You need to ensure that any user who signs in to a computer that runs Windows 10 in OU1 receives the new printer. All of the computers in OU1 must continue to apply the corporate desktop restrictions from GPO1.

What should you configure?

A. a user preference and a WMI filter on GPO1.

B. a computer preference that uses item-level targeting

C. a computer preference and WMI filter on GPO1

D. a user preference that uses item-level targeting

Answer: D

Q19. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights Management Services (AD RMS) deployment.

Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment.

You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com.

Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted publisher domain.

Does this meet the goal?

A. Yes

B. No

Answer: A

Q20. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1.

You recently restored a backup of the Active Directory database from Server1 to an alternate Location.

The restore operation does not interrupt the Active Directory services on Server1.

You need to make the Active Directory data in the backup accessible by using Lightweight Directory Access Protocol (LDAP).

Which tool should you use?

A. Dsadd quota

B. Dsmod

C. Active Directory Administrative Center

D. Dsacls

E. Dsamain

F. Active Directory Users and Computers

G. Ntdsutil

H. Group Policy Management Console

Answer: E