Top Quality 70-742 Exam Questions 2021

NEW QUESTION 1
Your network contains an Active Directory domain named contoso.com.
You have an administrative computer named Computer1 that runs Windows Server 2021. From Computer1, you edit a Group Policy object (GPO) named GPO1 as shown in the exhibit.

You receive a new administrative template named Template1. Template1 consists of Template1.adml. Template1 is in English US.
You need to ensure that the settings of Template1 appear under the Administrative Templates node.
To where should you copy the Template1 files? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. A user named User1 is in an organizational unit (OU) named OU1.
You are troubleshooting a folder access issue for User1.
You need a list of groups to which User1 is either a direct member or an indirect member. Solution: You run Get-ADUser –Identity User1 –Property MemberOf.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation: The Get-ADUser cmdlet does not include the MemberOf property. The command above is, therefore, not valid.
References:
https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-aduser?view=win10-ps

NEW QUESTION 3
Your network contains an Active Directory forest named contoso.com
Your company plans to hire 500 temporary employees for a project that will last 90 days.
You create a new user account for each employee. An organizational unit (OU) named Temp contains the user accounts for the employees.
You need to prevent the new users from accessing any of the resources in the domain after 90 days. What should you do?

• A. Run the Get-ADUser cmdlet and pipe the output to the Set-ADUser cmdlet.
• B. Create a group that contains all of the users in the Temp O
• C. Create a Password Setting object (PSO) for the new group.
• D. Create a Group Policy object (GPO) and link the GPO to the Temp O
• E. Modify the Password Policy settings of the GPO.
• F. Run the GET-ADOrganizationalUnit cmdlet and pipe the output to the Set-Date cmdlet.

Answer: A

NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2021.
Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2.
You create a domain user account named User1.
You need to ensure that User1 can use IPAM to manage DHCP.
Which command should you run on Server1? To answer, select the appropriate options in the answer area.

Answer:

Explanation:

NEW QUESTION 5
You have an offline root certification authority (CA) named CA1. CA1 is hosted on a virtual machine. You only turn on CA1 when the CA must be patched or you must generate a key for subordinate CAs. You start CA1, and you discover that the filesystem is corrupted.
You resolve the filesystem corruption and discover that you must reload the CA root from a backup.
When you attempt to run the Restore-CARoleService cmdlet, you receive the following error message: “The process cannot access the file because it is being used by another process.”

• A. Stop the Active Directory Domain Services (AD DS) service.
• B. Run the Restore-CARoleService cmdlet and specify the path to a valid CA key.
• C. Stop the Active Directory Certificate Services (AD CS) service.
• D. Run the Restore-CARoleService cmdlet and specify the Force parameter.

Answer: C

NEW QUESTION 6
Your company has two offices. The offices are located in Montreal and Seattle. The network contains an Active Directory forest named contoso.com.
The forest contains three domain controllers configured as shown in the following table.

The company physically relocates Server2 from the Montreal office the Seattle office.
You discover that both Server1 and Server2 authenticate users who sign in to the client computers in the Montreal office. Only Server3 authentications users who sign in to the computers in the Seattle office.
You need to ensure that Server2 authenticates the users in the Seattle office during normal network operations. What should you do?

• A. From Windows Power Shell, run the Move-AD Directory Server cmdlet.
• B. From Active Directory Users and Computers, modify the Location property of Server2.
• C. From Windows PowerShell, run the Set-ADReplicationSite cmdlet.
• D. From Network Connections on Server2, modify the Internet Protocol Version 4 (TCP/IPv4) configuration.

Answer: C

NEW QUESTION 7
Your network contains an Active Directory forest. The forest contains a domain named contoso.com. The domain contains three domain controllers.
A domain controller named lon-dc1 fails. You are unable to repair lon-dc1.
You need to prevent the other domain controllers from attempting to replicate to lon-dc1.
Solution: From Active Directory Users and Computers, you remove the computer account of lon-dc1. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: To remove the failed server object from the domain controllers container, access Active Directory Users and Computers, expand the domain controllers container, and delete the computer object associated with the failed domain controller
References: https://www.petri.com/delete_failed_dcs_from_ad

NEW QUESTION 8
Your network contains an Active Directory domain named contoso.com.
The user account for a user named User1 is in an organizational unit (OU) named OU1. You need to enable User1 to sign in as user1@adatum.com.
Solution: From Windows PowerShell, You run Set-ADuser User1 –UserPrincipalName User1@Adatum.com. Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 9
Your network contains an Active Directory domain named contoso.com. The network contains several IP subnets. One of the subnets uses a network ID if 192.168.10.0/24.
You link a Group Policy object (GPO) named GPO1 to the domain.
You need to map a drive to a specific file share on the computers in the 192.168.10.0/24 network only. What should you do?

• A. From the User Configuration node of GPO1, configure the Folder Redirection setting
• B. Link a WMI filter to GPO1.
• C. From the Computer Configuration mode of GPO1, configure the Network Connections setting
• D. Link a WMI filter to GPO1.
• E. From the User Configuration node of GPO1, create a Group Policy preference that uses item-level targeting.
• F. From the Computer Configuration node of GPO1, create a Group Policy preference that uses item-level targeting.

Answer: C

NEW QUESTION 10
Your network contains an Active Directory domain named contoso.com.
You have an application named App1 that is deployed to all the client computers in the domain. App1 writes a registry value named LocalStorage on all the client computers.
You need to delete the LocalStorage registry value from all the client computers in the domain that have less than 100 GB of free disk space on their system volume.
What should you do?

• A. Configure Software Settings in a Group Policy object (GPO) and enable a WMI filter.
• B. Configure a Group Policy setting to modify the security of the LocalStorage registry value.
• C. Create an administrative template file that contains the LocalStorage registry setting, and then add the administrative template to a Group Policy object (GPO).
• D. Configure a Group Policy preference that uses item-level targeting.

Answer: D

Explanation: In Windows Server 2008 Microsoft introduced a Group Policy extension, named Group Policy Preferences (GPP). GPP that includes registry settings, allows you to add, remove or modify key values.
References: https://theitbros.com/add-modify-and-delete-registry-keys-using-group-policy/

NEW QUESTION 11
You network contains an Active Directory domain named contoso.com. The domain contains an Active Directory Federation Services (AD FS) server named ADFS1, a Web Application Proxy server named WAP1, and a web server named Web1.
You need to publish a website on Web1 by using the Web Application Proxy. Users will authenticate by using OAuth2 preauthentication.
What should you do first?

• A. On Web1, add site bindings.
• B. On Web1, add handler mappings.
• C. On ADFS1, enable an endpoint.
• D. On ADFS1, add a claims provider trust.

Answer: D

NEW QUESTION 12
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: You configure Kerberos constrained delegation on the computer account of each member server. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 13
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

End of repeated scenario.
You are evaluating what will occur when you disable the Group Policy link for A6.
Which GPOs will apply to User2 when the user signs in to Computer1 after the link for A6 is disabled?

• A. A1 and A5 only
• B. A3, A1, and A5 only
• C. A3, A1, A5, and A4 only
• D. A3, A1, A5, and A7

Answer: C

NEW QUESTION 14
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

End of repeated scenario.
You are evaluating what will occur when you block inheritance on OU4.
Which GPO or GPOs will apply to User1 when the user signs in to Computer1 after block inheritance is configured?

• A. A1, A5, and A6
• B. A3, A1, A5, and A7
• C. A3 and A7 only
• D. A7 only

Answer: D

NEW QUESTION 15
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.
You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).
You need to force users to change their account password at least every 30 days. What should you do?

• A. From the Computer Configuration node of DCPolicy, modify Security Settings.
• B. From the Computer Configuration node of DomainPolicy, modify Security Settings.
• C. From the Computer Configuration node of DomainPolicy, modify Administrative Templates.
• D. From the User Configuration node of DCPolicy, modify Security Settings.
• E. From the User Configuration node of DomainPolicy, modify Folder Redirection.
• F. From user Configuration node of DomainPolicy, modify Administrative Templates.
• G. From Preferences in the User Configuration node of DomainPolicy, modify Windows Settings.
• H. From Preferences in the Computer Configuration node of DomainPolicy, modify Windows Settings.

Answer: B

NEW QUESTION 16
Your network contains an Active Directory domain named contoso.com. The relevant objects in the domain are configured as shown in the following table.

You have the following configurations:
User1 is in OU1 and is a member of Group1 and Group2
User2 is in OU2 and is a member of Group1 and Group3
GPO1 is linked to OU1.
Server1 has three shares named Share1, Share2, and Share3. The Domain Users group permissions to all three shares.
GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation: