Microsoft 70-742 Dumps Questions 2021

NEW QUESTION 1
Your network contains an Active Directory forest named contoso.com. The forest contains 10 domains. The root domain contains a global catalog server named DC1.
You remove the global catalog server role from DC1.
You need to decrease the size of the Active Directory database on DC1.
Solution:You stop the NTDS service on DC1. You run ntdsutil.exe, use the metadata cleanup option, and then start the NTDS
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation: You need to run ntdsutil.exe with the ‘compact to’ option. References:
https://theitbros.com/active-directory-database-compact-defrag/

NEW QUESTION 2
Your network contains an Active Directory domain named contoso.com. You need to create a central store for Group Policy administrator templates. What should you use?

• A. Server Manager
• B. File Explorer
• C. Dcgpofix.exe
• D. Group Policy Management Console (GPMC)

Answer: B

NEW QUESTION 3
Your company implements Active Directory Federation Services (AD FS).
You confirm that the company meets all the prerequisites for using Microsoft Azure Multi-Factor Authentication (MFA) and AD FS.
You need to ensure that you can select MFA as the primary authentication method for AD FS.
Which three actions should you perform in sequence? To answer move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

NEW QUESTION 4
Your company has a testing environment that contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2021. Server1 has IP Address Management (IPAM) installed. IPAM has the following configuration.

The IPAM Overview page from Server Manager is shown in the IPAM Overview exhibit. (Click the Exhibit button.)

The group policy configurations are shown in the GPO exhibit. (Click the Exhibit button.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation: No domains have been selected in the “Configure Server Discovery” option. Therefore, no automatic discovery will take place. Manual addition of a server will also fail because IPAM needs a domain configured for server verification.

NEW QUESTION 5
Your network contains an Active Directory domain named adatum.com. The domain contains a security group named G_Research and an organizational unit (OU) named OU_Research.
All the users in the research department are members of G_Research and their user accounts are in OU_Research.
You need to ensure that all the research department users change their password every 28 days and enforce a complex password that is 12 characters long.
What should you do?

• A. From a Group Policy Management, create and link a Group Policy object (GPO) to OU_Research.Modify the password policy in the GPO.
• B. From a Group Policy Management, create and link a Group Policy object (GPO) to the domai
• C. Modify the password policy in the GP
• D. Filter the GPO to apply to G_Research only.
• E. From Active Directory Users and Computers, modify the properties of the Password Settings Container.
• F. From Active Directory Administrative Center, create a new Password Settings object (PSO).

Answer: D

NEW QUESTION 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2.
DC1 holds the RID master operations role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
Solution: On DC2, you open the command prompt, run dsmgmt.exe, connect to DC2, and use the Seize RID master opinion.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 7
Your network contains a single-domain Active Directory forest named contoso.com. The forest functional level is Windows Server 2021. The Active Directory Recycle Bin feature is enabled.
You need to design a procedure to restore the values of user object attributes if the values are changed accidentally.
Which cmdlets should you include in the procedure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 8
Your company has multiple offices.
The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using DEFAULTIPSITELINK.
The company plans to open a new office. The new office will have a domain controller and 100 client computers.
You install Windows Server 2021 on a member server in the new office. The new server will become a domain controller.
You need to deploy the domain controller to the new office. The solution must ensure that the client computers in the new office will authenticate by using the local domain controller.
Which three actions should you perform next in sequence? To answer, move the appropriate actions from the
list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

NEW QUESTION 9
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.
You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).
You need to ensure that the members of the Backup Operators group can back up domain controllers. What should you do?

• A. From the Computer Configuration node of DCPolicy, modify Security Settings.
• B. From the Computer Configuration node of DomainPolicy, modify Security Settings.
• C. From the Computer Configuration node of DomainPolicy, modify Administrative Templates.
• D. From the User Configuration node of DCPolicy, modify Security Settings.
• E. From the User Configuration node of DomainPolicy, modify Folder Redirection.
• F. From user Configuration node of DomainPolicy, modify Administrative Templates.
• G. From Preferences in the User Configuration node of DomainPolicy, modify Windows Settings.
• H. From Preferences in the Computer Configuration node of DomainPolicy, modify Windows Settings.

Answer: D

NEW QUESTION 10
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2021.
Server1 has IP Address Management (IPAM) installed. Server2 and Server3 have the DHCP Server role installed and have several DHCP scopes configured. The IPAM server retrieves data from Server2 and Server3.
A domain user named User1 is a member of the groups shown in the following table.

On Server1, you create a security policy for User1. The policy grants the IPAM DHCP Scope Administrator Role with the Global access scope to the user.
Which actions can User1 perform? To answer, select the appropriate options in the answer area.

Answer:

Explanation: User1 is using Server Manager, not IPAM to perform the administration. Therefore, only the “DHCP Administrators” permission on Server2 and the “DHCP Users” permissions on Server3 are applied.
The permissions granted through membership of the “IPAM DHCP Scope Administrator Role” are not applied when the user is not using the IPAM console.

NEW QUESTION 11
You have users that access web applications by using HTTPS. The web applications are located on the servers in your perimeter network. The servers use certificates obtained from an enterprise root certification authority (CA). The certificates are generated by using a custom template named WebApps. The certificate revocation list (CRL) is published to Active Directory.
When users attempt to access the web applications from the Internet, the users report that they receive a revocation warning message in their web browser. The users do not receive the message when they access the web applications from the intranet.
You need to ensure that the warning message is not generated when the users attempt to access the web applications from the Internet.
What should you do?

• A. Install the Certificate Enrollment Web Service role service on a server in the perimeter network.
• B. Modify the WebApps certificate template, and then issue the certificates used by the web application servers.
• C. Install the Web Application Proxy role service on a server in the perimeter networ
• D. Create a publishing point for the CA.
• E. Modify the CRL distribution point, and then reissue the certificates used by the web application servers.

Answer: C

NEW QUESTION 12
Your network contains an Active Directory domain named contoso.com.
You need to create a central store for Group Policy administrative templates. What should you use?

• A. Server Manager
• B. File Explorer
• C. Dcgpofix.exe
• D. Group Policy Management Console (GPMC)

Answer: B

NEW QUESTION 13
Your network contains an Active Directory domain named contoso.com. You need to create a central store for Group Policy administrative templates. What should you use?

• A. Dcgpofix.exe
• B. Group Policy Management Console (GPMC)
• C. Gpfixup.exe
• D. Copy-Item

Answer: D

NEW QUESTION 14
Your network contains an Active Directory domain named contoso.com.
You create a domain security group named Group1 and add several users to it.
You need to force all of the users in Group1 to change their password every 35 days. The solution must affect the Group1 users only.
What should you do?

• A. From Windows PowerShell, run the Set-ADDomain cmdlet, and then run the Set-ADAccountPassword cmdlet.
• B. Modify the Password Policy settings in a Group Policy object (GPO) that is linked to the domain, and then filter the GPO to Group1 only.
• C. Create a forms authentication provider, and then set the forms authentication credentials.
• D. From Active Directory Administrative Center, create a Password Setting object (PSO).

Answer: D

NEW QUESTION 15
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. A user named User1 is in an organizational unit (OU) named OU1.
You are troubleshooting a folder access issue for User1.
You need a list of groups to which User1 is either a direct member or ab indirect member. Solution: You run dsget user cn=User1, ou=OU1, dc=contoso, dc=com –memberof –expand. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: DSGET displays the properties of a user in the directory. There are two variations of this command. The first variation displays the properties of multiple users. The second variation displays the group membership information of a single user.
To show the list of groups, recursively expanded, to which the user Mike Danseglio belongs, type: dsget user "CN=Mike Danseglio,CN=users,dc=ms,dc=tld" -memberof –expand
References:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc73253

NEW QUESTION 16
You have an Active Directory Rights Management Services (AD RMS) server named RMS1. Multiple documents are protected by using RMS1.
RMS1 fails and cannot be recovered.
You install the AD RMS server role on a new server named RMS2. You restore the AD RMS database from RMS1 to RMS2.
Users report that they fail to open the protected documents and to protect new documents. You need to ensure that the users can access the protected content.
What should you do?

• A. From Active Directory Rights Management, update the Service Connection Point (SCP) for RMS1.
• B. From DNS, create an alias (CNAME) record for RMS2.
• C. From DNS, modify the service location (SRV) record for RMS1.
• D. From RMS2, register a service principal name (SPN) in Active Directory.

Answer: D