Download Microsoft.70-742.PracticeTest.2018-08-11.94q.tqb

Download Exam

File Info

Exam Identity with Windows Server 2016
Number 70-742
File Name Microsoft.70-742.PracticeTest.2018-08-11.94q.tqb
Size 3 MB
Posted Aug 11, 2018
Download Microsoft.70-742.PracticeTest.2018-08-11.94q.tqb

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%



Exam Hub discount


Demo Questions

Question 1

Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2. 
You need to ensure that a domain administrator can recover a deleted Active Directory object quickly. 
Which tool should you use?


  1. Dsadd quota
  2. Dsmod
  3. Active Directory Administrative Center
  4. Dsacls
  5. Dsamain
  6. Active Directory Users and Computers
  7. Ntdsutil
  8. Group Policy Management Console
Correct answer: C
Explanation:
You can restore objects from the Active Directory Recycle Bin by using Active Directory Administrative Center. References: https://blogs.technet.microsoft.com/canitpro/2014/07/28/step-by-step-restoring-a-deleted-object-via-active-directory-recycle-bin/
You can restore objects from the Active Directory Recycle Bin by using Active Directory Administrative Center. 
References: https://blogs.technet.microsoft.com/canitpro/2014/07/28/step-by-step-restoring-a-deleted-object-via-active-directory-recycle-bin/



Question 2

You have users that access web applications by using HTTPS. The web applications are located on the servers in your perimeter network. The servers use certificates obtained from an enterprise root certification authority (CA). The certificates are generated by using a custom template named WebApps. The certificate revocation list (CRL) is published to Active Directory. 
When users attempt to access the web applications from the Internet, the users report that they receive a revocation warning message in their web browser. The users do not receive the message when they access the web applications from the intranet. 
You need to ensure that the warning message is not generated when the users attempt to access the web applications from the Internet. 
What should you do?


  1. Install the Certificate Enrollment Web Service role service on a server in the perimeter network.
  2. Modify the WebApps certificate template, and then issue the certificates used by the web application servers.
  3. Install the Web Application Proxy role service on a server in the perimeter network. Create a publishing point for the CA.
  4. Modify the CRL distribution point, and then reissue the certificates used by the web application servers.
Correct answer: D



Question 3

You network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA) named CA1. 
You have a test environment that is isolated physically from the corporate network and the Internet. 
You deploy a web server to the test environment. On CA1, you duplicate the Web Server template, and you name the template Web_Cert_Test. 
For the web server, you need to request a certificate that does not contain the revocation information of CA1. 
What should you do first?


  1. From the properties of CA1, allow certificates to be published to the file system.
  2. From the properties of CA1, select Restrict enrollment agents, and then add Web_Cert_Test to the restricted enrollment agent.
  3. From the properties of Web_Cert_Test, assign the Enroll permission to the guest account.
  4. From the properties of Web_Cert_Test, set the Compatibility setting of CA1 to Windows Server 2016.
Correct answer: D
Explanation:
The option “Do not include revocation information in issued certificates checkbox” is only available with the compatibility mode set to Windows Server 2008 R2 or later. References: http://techgenix.com/certificate-revocation-checking-test-labs/
The option “Do not include revocation information in issued certificates checkbox” is only available with the compatibility mode set to Windows Server 2008 R2 or later. 
References: http://techgenix.com/certificate-revocation-checking-test-labs/



Question 4

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains a server named Server1. 
An administrator named Admin01 plans to configure Server1 as a standalone certification authority (CA). 
You need to identify to which group Admin01 must be a member to configure Server1 as a standalone CA. The solution must use the principle of least privilege. 
To which group should you add Admin01?


  1. Administrators on Server1.
  2. Domain Admins in contoso.com
  3. Cert Publishers on Server1
  4. Key Admins in contoso.com
Correct answer: A
Explanation:
When installing a Standalone CA, you must use an account that is a member of the local Administrators group. References: http://juventusitprofessional.blogspot.com/2015/06/active-directory-certificate-services.html
When installing a Standalone CA, you must use an account that is a member of the local Administrators group. 
References: http://juventusitprofessional.blogspot.com/2015/06/active-directory-certificate-services.html



Question 5

Your network contains an Active Directory forest named contoso.com. The forest contains several domains. 
An administrator named Admin01 installs Windows Server 2016 on a server named Server1 and then joins Server1 to the contoso.com domain. 
Admin01 plans to configure Server1 as an enterprise root certification authority (CA). 
You need to ensure that Admin01 can configure Server1 as an enterprise CA. The solution must use the principle of least privilege. 
To which group should you add Admin01?


  1. Server Operators in the contoso.com domain
  2. Cert Publishers on Server1
  3. Enterprise Key Admins in the contoso.com domain
  4. Enterprise Admins in the contoso.com domain.
Correct answer: D
Explanation:
To install Active Directory Certificate Services, log on as a member of both the Enterprise Admins group and the root domain's Domain Admins group. References: https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority
To install Active Directory Certificate Services, log on as a member of both the Enterprise Admins group and the root domain's Domain Admins group. 
References: https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority



Question 6

Your network contains an enterprise root certification authority (CA) named CA1. 
Multiple computers on the network successfully enroll for certificates that will expire in one year. The certificates are based on a template named Secure_Computer. The template uses schema version 2. 
You need to ensure that new certificates based on Secure_Computer are valid for three years. 
What should you do?


  1. Modify the Validity period for the certificate template.
  2. Instruct users to request certificates by running the certreq.exe command.
  3. Instruct users to request certificates by using the Certificates console.
  4. Modify the Validity period for the root CA certificate.
Correct answer: A



Question 7

You deploy a new enterprise certification authority (CA) named CA1. 
You plan to issue certificates based on the User certificate template. 
You need to ensure that the issued certificates are valid for two years and support autoenrollment. 
What should you do first?


  1. Run the certutil.exe command and specify the resubmit parameter.
  2. Duplicate the User certificate template.
  3. Add a new certificate template for CA1 to issue.
  4. Modify the Request Handling settings for the CA.
Correct answer: B
Explanation:
The built-in templates to do support allow auto-enrollment. You need to duplicate the template then modify the permissions on the new template. References: https://docs.centrify.com/en/centrify/adminref/index.html#page/cloudhelp/cloud-admin-install-create-cert-templates.html
The built-in templates to do support allow auto-enrollment. You need to duplicate the template then modify the permissions on the new template. 
References: https://docs.centrify.com/en/centrify/adminref/index.html#page/cloudhelp/cloud-admin-install-create-cert-templates.html



Question 8

Your network contains an Active Directory forest named contoso.com. The forest contains three domains named contoso.com, corp.contoso.com, and ext.contoso.com. The forest contains three Active Directory sites named Site1, Site2, and Site3. 
You have the three administrators as described in the following table. 
  
 
You create a Group Policy object (GPO) named GPO1. 
Which administrator or administrators can link GPO1 to Site2?


  1. Admin1 and Admin2 only
  2. Admin1, Admin2, and Admin3
  3. Admin3 only
  4. Admin1 and Admin3 only
Correct answer: D
Explanation:
To link an existing GPO to a site, domain, or OU, you must have Link GPOs permission on that site, domain, or OU. By default, only domain administrators and enterprise administrators have this privilege for domains and OUs. Enterprise administrators and domain administrators of the forest root domain have this privilege for sites. References:https://technet.microsoft.com/en-us/library/cc732979(v=ws.11).aspx
To link an existing GPO to a site, domain, or OU, you must have Link GPOs permission on that site, domain, or OU. By default, only domain administrators and enterprise administrators have this privilege for domains and OUs. Enterprise administrators and domain administrators of the forest root domain have this privilege for sites. 
References:
https://technet.microsoft.com/en-us/library/cc732979(v=ws.11).aspx



Question 9

Your network contains an Active Directory domain named contoso.com. 
The domain contains a Group Policy object (GPO) named GPO1. 
You configure the Internet Settings preference in GPO1 as shown in the exhibit.
  
A user reports that the homepage of Internet Explorer is not set to http://www.contoso.com.
You confirm that the other settings in GPO1 are applied. 
You need to configure GPO1 to set the Internet Explorer homepage. 
What should you do?


  1. Edit the GPO1 preference and press F5.
  2. Modify Security Settings for GPO1.
  3. Modify WMI Filtering for GPO1.
  4. Modify the GPO1 preference to use item-level targeting.
Correct answer: A
Explanation:
The red dotted line under the homepage URL means that setting is disabled. Pressing F5 enables all settings. References: https://community.spiceworks.com/topic/285312-add-default-website-in-group-policy
The red dotted line under the homepage URL means that setting is disabled. Pressing F5 enables all settings. 
References: https://community.spiceworks.com/topic/285312-add-default-website-in-group-policy



Question 10

You network contains an Active Directory domain named contoso.com. The domain contains 1,000 desktop computers and 500 laptops. An organizational unit (OU) named OU1 contains the computer accounts for the desktop computers and the laptops. 
You create a Windows PowerShell script named Script1.ps1 that removes temporary files and cookies. You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1. 
You need to run the script once weekly only on the laptops. 
What should you do?


  1. In GPO1, create a File preference that uses item-level targeting.
  2. In GPO1, create a Scheduled Tasks preference that uses item-level targeting.
  3. In GPO1, configure the File System security policy. Attach a WMI filter to GPO1.
  4. In GPO1, add Script1.ps1 as a startup script. Attach a WMI filter to GPO1.
Correct answer: B









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files