Microsoft 70-742 Identity with Windows Server 2016 Online Training
Microsoft 70-742 Online Training
The questions for 70-742 were last updated at Nov 23,2024.
- Exam Code: 70-742
- Exam Name: Identity with Windows Server 2016
- Certification Provider: Microsoft
- Latest update: Nov 23,2024
DRAG DROP
You network contains an Active Directory forest. The forest contains an Active Directory Federation Services (AD FS) deployment.
The AD FS deployment contains the following:
– An AD FS server named server1.contoso.com that runs Windows Server 2016
– A Web Application Proxy used to publish AD FS
– A LIPN that uses the contoso.com suffix
– A namespace named adfs.contoso.com
You create a Microsoft Office 365 tenant named contoso.onmicrosoft.com. You use Microsoft Azure Active Directory Connect (AD Connect) to synchronize all of the users and the UPNs from the contoso.com forest to Office 365.
You need to configure federation between Office 365 and the on-premises deployment of Active Directory.
Which three commands should you run in sequence from Server1? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.
HOTSPOT
You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.
You are publishing an application named App1 that will use Integrated Windows authentication as shown in the following graphic.
Use the drop-down menus to select the answer area choice that completes each statement based on the information presented in the graphic.
HOTSPOT
Your network contains an Active Directory forest. The forest contains one domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds all of the operations master roles.
During normal network operations, you run the following commands on DC2: Move-ADDirectoryServerOperationMasterRole -Identity “DC2” -OperationMasterRole PDCEmulator Move- ADDirectoryServerOperationMasterRole CIdentity “DC2” -OperationMasterRole RIDMaster DC1 fails.
You remove DC1 from the network, and then you run the following command: Move-ADDirectoryServerOperationMasterRole CIdentity “DC2” -OperationMasterRole SchemaMaster
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Your network contains an Active Directory forest named contoso.com
Your company plans to hire 500 temporary employees for a project that will last 90 days.
You create a new user account for each employee. An organizational unit (OU) named Temp contains the user accounts for the employees.
You need to prevent the new users from accessing any of the resources in the domain after 90 days.
What should you do?
- A . Run the Get-ADUser cmdlet and pipe the output to the Set-ADUser cmdlet.
- B . Create a group that contains all of the users in the Temp OU. Create a Password Setting object (PSO) for the new group.
- C . Create a Group Policy object (GPO) and link the GPO to the Temp OU. Modify the Password Policy settings of the GPO.
- D . Run the GET-ADOrganizationalUnit cmdlet and pipe the output to the Set-Date cmdlet.
Your network contains an Active Directory forest. The forest contains two domains named litwarenc.com and contoso.com. The contoso.com domain contains two domains controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is associated to a subnet of 192.168.10.0/24
You discover that LON-DC02 is not a global catalog server.
You need to configure LON-DC02 as a global catalog server.
What should you do?
- A . From Active Directory Sites and Services, modify the properties of the 192.168.10.0/24 IP subnet.
- B . From Windows PowerShell, run the Set-NetNatGlobal cmdlet.
- C . From Active Directory Sites and Services, modify the NTDS Settings object of LON-DC02.
- D . From Windows PowerShell, run the Enable-ADOptionalFeature cmdlet.
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2.
You need to secure several high-privilege user accounts to meet the following requirements:
What should you do?
- A . Create a universal security group for the user accounts and modify the Security settings of the group.
- B . Add the users to the Windows Authorization Access Group group.
- C . Add the user to the Protected Users group.
- D . Create a separate organizational unit (OU) for the user accounts and modify the Security settings of the OU.
HOTSPOT
Your network contains an Active Directory domain named contoso.com.
Some user accounts in the domain have the P.O. Box attribute set.
You plan to remove the value of the P.O. Box attribute for all of the users by using Ldifde.
You have a user named User1 who is located in the Users container.
How should you configure the LDIF file to remove the value of the P.O. Box attribute for User1? To answer, select the appropriate options in the answer area.
DRAG DROP
Your company has multiple offices.
The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using DEFAULTIPSITELINK. The company plans to open a new office. The new office will have a domain controller and 100 client computers.
You install Windows Server 2016 on a member server in the new office. The new server will become a domain controller. You need to deploy the domain controller to the new office. The solution must ensure that the client computers in the new office will authenticate by using the local domain controller.
Which three actions should you perform next in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Your network contains an Active Directory forest named contoso.com.
A partner company has a forest named fabrikam.com. Each forest contains one domain.
You need to provide access for a group named Research in fabrikam.com to resources in contoso.com. The solution must use the principle of least privilege.
What should you do?
- A . Create an external trust from fabrikam.com to contoso.com. Enable Active Directory split permissions in fabrikam.com.
- B . Create an external trust from contoso.com to fabrikam.com. Enable Active Directory split permissions in contoso.com.
- C . Create a one-way forest trust from contoso.com to fabrikam.com that uses selective authentication.
- D . Create a one-way forest trust from fabrikam.com to contoso.com that uses selective authentication.
HOTSPOT
Your network contains an Active Directory forest named contoso.com.
Your company has a custom application named ERP1. ERP1 uses an Active Directory Lightweight Directory Services (AD LDS) server named Server1 to authenticate users.
You have a member server named Server2 that runs Windows Server 2016. You install the Active Directory Federation Services (AD FS) server role on Server2 and create an AD FS farm.
You need to configure AD FS to authenticate users from the AD LDS server.
Which cmdlets should you run? To answer, select the appropriate options in the answer area.
Latest 70-742 Dumps Valid Version with 279 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
