Microsoft 70-742 Exam Questions 2021

NEW QUESTION 1
Your network contains an Active Directory forest named contoso.com. The forest contains three domains named contoso.com, corp.contoso.com, and ext.contoso.com. The forest contains three Active Directory sites named Site1, Site2, and Site3.
You have the three administrators as described in the following table.

You create a Group Policy object (GPO) named GPO1.
Which administrator or administrators can link GPO1 to Site2?

• A. Admin1 and Admin2 only
• B. Admin1, Admin2, and Admin3
• C. Admin3 only
• D. Admin1 and Admin3 only

Answer: D

Explanation: References:
https://technet.microsoft.com/en-us/library/cc732979(v=ws.11).aspx

NEW QUESTION 2
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated Scenario:
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table. Scenario:
Refer to following table:

Group1 and Group 2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computed that runs Windows 10. Computed is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain. From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the
contoso.com domain, and then you create a contact named Contact1 in OU1,
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of User1@litwareinc.com.
End of Scenario:
Admin1 attempts to delete OU1 and receives an error message. You need to ensure that Admin1 can delete OU1. What should you do first?

• A. Delete Contact1.
• B. Add Admin1 to the Enterprise Admins group.
• C. Modify the Object settings for OU1.
• D. Disable the Active Directory Recycle Bin.

Answer: C

NEW QUESTION 3
Your company has a main office and three branch offices. The network contains an Active Directory domain named contoso.com.
The main office contains three domain controllers. Each branch office contains one domain controller.
You discover the new settings in the Default Domain Policy are not applied in one of the branch offices, but all other Group Policy objects (GPOs) are applied.
You need to check the replication of the Default Domain Policy for the branch office. What should you do from a domain controller in the main office?

• A. From Group Policy Management, click Default Domain Policy under Contoso.com, and then open theScope tab.
• B. From a command prompt, run dcdiag.exe.
• C. From Group Policy Management, click Default Domain Policy under the Group Policy Objectscontainer, and then open the Status tab.
• D. From Windows PowerShell, run the Get-ADReplicationConnection cmdlet.

Answer: C

NEW QUESTION 4
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains a server named Server1.
An administrator named Admin01 plans to configure Server1 as a standalone certification authority (CA). You need to identify to which group Admin01 must be a member to configure Server1 as a standalone CA.
The solution must use the principle of least privilege.
To which group should you add Admin01?

• A. Administrators on Server1.
• B. Domain Admins in contoso.com
• C. Cert Publishers on Server1
• D. Key Admins in contoso.com

Answer: A

NEW QUESTION 5
Your network contains an Active Directory domain named adatum.com. The domain contains the servers configured as shown in the following table:

You have a server named Server6 in the perimeter network. Each server has the local users show in the following table.

The domain contains the users shown in the following table.

You install a Web Application Proxy on Server6.
You need to configure the Web Application proxy on Server6. The solution must use the principle of least privilege.
Which account should you specify in the Web Application Proxy Configuration Wizard? To answer, select the appropriate options in the answer are.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: The user account used to configure the web application proxy must have local Administrator permission on the WAP server(s), and have access to an account that have local Administrator permissions on the AD FS servers.
References:
http://www.mistercloudtech.com/2015/11/25/how-to-install-and-configure-web-application-proxy-for-adfs/

NEW QUESTION 6
Your network contains a signle-domin Active Directory forest named contoso.com. The forest functional level is Windows Server 2021. The forest has Dynamic Access Control enabled.
The domin contains two domain controllers named DC1 and DC2. Privileged user accounts used to manage Active Directory reside in a group named ContosoAD_Admins.
You create an authentication policy named Policy1 and an authentication policy silo named Silo1.
You need to ensure that the accounts in the ContosoAD-Admins group can sign in to the domain controllers only.
Which three configurations should you perform? Each correction answer presents part of the solution.

• A. Create an access control condition in Policy1.
• B. Create a managed service account and add the account to Permitted Accounts in Silo1.
• C. Add the domain controllers to the ContosoAD_Admins group.
• D. Add the privileged user accounts and the domain controllers to Permitted Accounts in Silo1.
• E. Assign Silo1 to the privileged user accounts and the domain controllers.

Answer: ADE

NEW QUESTION 7
You deploy a new certification authority (CA) to a server that runs Windows Server 2021. You need to configure the CA to support recovery of certificates.
What should you do first?

• A. Modify the Recovery Agents settings from the properties of the CA.
• B. Assign the Request Certificates permission to the user account that will be responsible for recovering certificates.
• C. Configure the Key Recovery Agent template as a certificate template to issue.
• D. Modify the extensions of the OCSP Response Signing template.

Answer: C

Explanation: References:
http://markgossa.blogspot.co.uk/2021/03/enable-key-archival-in-server-2012-r2.html

NEW QUESTION 8
Your network contains an Active Directory domain named contoso.com.
The user account for a user named User1 is in an organizational unit (OU) named OU1. You need to enable User1 to sign in as user1@adatum.com.
Solution: From Windows PowerShell, You run Set-ADObject ‘CN=User1, OU=OU1, DC=Contoso,DC=com’
–Add @ {UserPrincipalNAme=’User1@Adatum.com’} –Remove
@{UserPrincipalName=’User1@Contoso.com’},
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 9
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

End of repeated scenario.
You are evaluating what will occur when you disable the Group Policy link for A6.
Which GPOs will apply to User2 when the user signs in to Computer1 after the link for A6 is disabled?

• A. A1 and A5 only
• B. A3, A1, and A5 only
• C. A3, A1, A5, and A4 only
• D. A3, A1, A5, and A7

Answer: D

NEW QUESTION 10
Your network contains an Active Directory domain named contoso.com.
The user account for a user named User1 is in an organizational unit (OU) named OU1. You need to enable User1 to sign in as user1@adatum.com.
Solution: From Active Directory Users and Computers, you set the E-mail property of User1 to user1@adatum.com.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 11
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2.
You need to secure several high-privilege user accounts to meet the following requirements: What should you do?

• A. Create a universal security group for the user accounts and modify the Security settings of the group.
• B. Add the users to the Windows Authorization Access Group group.
• C. Add the user to the Protected Users group.
• D. Create a separate organizational unit (OU) for the user accounts and modify the Security settings of the OU.

Answer: C

NEW QUESTION 12
Your network contains an Active Directory forest. The forest contains a domain named contoso.com. The domain contains three domain controllers.
A domain controller named lon-dc1 fails. You are unable to repair lon-dc1.
You need to prevent the other domain controllers from attempting to replicate to lon-dc1. Solution: From Active Directory Sites and Services, you remove the object of lon-dc1. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member
servers.
Solution: From Windows PowerShell on a domain controller, you run the Add-KdsRootKey cmdlet.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 14
Note: This question is part of a series of questions that use the same or similar answer choices. An answer
choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.
You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).
You need to ensure that all of the client computers on the network automatically download and install Windows updates.
What should you do?

• A. From the Computer Configuration node of DCPolicy, modify Security Settings.
• B. From the Computer Configuration node of DomainPolicy, modify Security Settings.
• C. From the Computer Configuration node of DomainPolicy, modify Administrative Templates.
• D. From the User Configuration node of DCPolicy, modify Security Settings.
• E. From the User Configuration node of DomainPolicy, modify Folder Redirection.
• F. From user Configuration node of DomainPolicy, modify Administrative Templates.
• G. From Preferences in the User Configuration node of DomainPolicy, modify Windows Settings.
• H. From Preferences in the Computer Configuration node of DomainPolicy, modify Windows Settings.

Answer: F

NEW QUESTION 15
Your company has a marketing department.
The network contains an Active Directory domain named contoso.com.
The main office contains three domain controllers. Each branch office contains one domain controller.
You discover that new settings in the Default Domain Policy are not applied on one of the branch offices, but all other Group Policy objects (GPOs) are applied.
You need to check the replication of the Default Domain Policy for the branch Office. What should you do from a domain controller in the main office?

• A. From Windows Power Shell, run the Get-GPO Report cmdlet.
• B. From a command prompt, run repadmin.exe.
• C. From a command prompt, run dcdlage.exe.
• D. From Group Policy Management, click Default Domain Policy under Contoso.com

Answer: A

NEW QUESTION 16
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2021.
Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2.
The domain has two users named User1 and User2 and a group named Group1. User1 is the only member of Group1.
Server1 has one IPAM access policy. You edit the access policy as shown in the Policy exhibit. (Click the Exhibit button.)

The DHCP scopes are configured as shown in the Scopes exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation: