Microsoft 70-742 Exam Dumps 2021

NEW QUESTION 1
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2021.
Server1 has IP Address Management (IPAM) installed. Server2 has Microsoft System Center 2021 Virtual Machine Manager (VMM) installed.
You need to integrate IPAM and VMM.
Which types of objects should you create on each server? To answer, drag the appropriate object types to the correct servers. Each object type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Explanation: Server 1 (IPAM): Access Policy
VMM must be granted permission to view and modify IP address space in IPAM, and to perform remote management of the IPAM server. VMM uses a “Run As” account to provide these permissions to the IPAM network service plugin. The “Run As” account must be configured with appropriate permission on the IPAM server.
To assign permissions to the VMM user account
In the IPAM server console, in the upper navigation pane, click ACCESS CONTROL, right-click Access Policies in the lower navigation pane, and then click Add AccessPolicy.
Etc.
Server 2 (VMM) #1: Network Service Server 2 (VMM) #2: Run As Account
Perform the following procedure using the System Center VMM console. To configure VMM (see step 1-3, step 6-7)

Etc.
References: https://technet.microsoft.com/en-us/library/dn783349(v=ws.11).aspx

NEW QUESTION 2
Your network contains an Active Directory forest. The forest contains an Active Directory Federation Services (AD FS) deployment.
The AD FS deployment contains the following.
• An AD FS server named server1.contoso.com that runs Windows Server 2021
• A Web Application Proxy used to publish AD FS
• A UPN that uses the contoso.com suffix
• A namespace named adfs.contoso.com
You create a Microsoft Office 365 tenant named contoso.onmicrosoft.com. You use Microsoft Azure Active Directory Connect (AD Connect) to synchronize all of the users and the UPNs from the contoso.com forest to Office 365.
You need to configure federation between Office 365 and the on-premises deployment of Active Directory. Which three commands should you run in sequence from Server1? To answer, move the appropriate
commands from the list of commands to the answer area and arrange them in the correct order.

Answer:

Explanation:

NEW QUESTION 3
Your network contains an Active Directory domain. The domain contains an Active Directory Rights Management Services (AD RMS) cluster and a certification authority (CA).
You need to ensure that all the documents that are protected by using AD RMS can be decrypted if the account used to encrypt the documents is deleted.
What should you do?

• A. Back up the AD RMS-protected files by using Windows Server Backup.
• B. Configure key archival on the CA.
• C. Manually configure the AD RMS cluster key password.
• D. Configure super users in the AD RMS deployment.

Answer: D

Explanation: https://social.technet.microsoft.com/wiki/contents/articles/9111.disaster-recovery-guide-for-active-directory-righ

NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com.
You need to view a list of all the domain user accounts that are enabled. But whose users have not signed in during the last 30 days.
Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 5
Your network contains an Active Directory forest named contoso.com. The forest contains several domains. An administrator named Admin01 installs Windows Server 2021 on a server named Server1 and then joins
Server1 to the contoso.com domain.
Admin01 plans to configure Server1 as an enterprise root certification authority (CA).
You need to ensure that Admin01 can configure Server1 as an enterprise CA. The solution must use the principle of least privilege.
To which group should you add Admin01?

• A. Server Operators in the contoso.com domain
• B. Cert Publishers on Server1
• C. Enterprise Key Admins in the contoso.com domain
• D. Enterprise Admins in the contoso.com domain.

Answer: D

NEW QUESTION 6
Your network contains an Active Directory forest. The forest contains two domains named litwarenc.com and contoso.com. The contoso.com domain contains two domains controllers named LON-DC01 and LON-DC02.
The domain controllers are located in a site named London that is associated to a subnet of 192.168.10.0/24
You discover that LON-DC02 is not a global catalog server. You need to configure LON-DC02 as a global catalog server.
What should you do?

• A. From the properties of the LON-DC02 computer account in Active Directory Users and Computers, modify the NTDS settings.
• B. From the properties of the LON-DC02 computer account in Active Directory Users and Computers, modify the City attribute.
• C. From Active Directory Sites and Services, modify the properties of the 192.168.10.0/24 IP subnet.
• D. From the properties of the Domain Controllers organizational unit (OU) in Active Directory Users and Computers, modify the Security settings.

Answer: A

NEW QUESTION 7
You use Application Request Routing (ARR) to make internal web applications available to the Internet by using NTLM authentication.
You need to replace ARR by using the Web Application Proxy. Which server role should you deploy first?

• A. Active Directory Lightweight Directory Services
• B. Active Directory Rights Management Services
• C. Active Directory federation Services
• D. Active Directory Certificate Services

Answer: C

NEW QUESTION 8
Your network contains an Active Directory forest. The forest contains two domains named litwarenc.com and contoso.com. The contoso.com domain contains two domains controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is associated to a subnet of 192.168.10.0/24
You discover that LON-DC02 is not a global catalog server. You need to configure LON-DC02 as a global catalog server. What should you do?

• A. From Active Directory Sites and Services, modify the properties of the 192.168.10.0/24 IP subnet.
• B. From Windows PowerShell, run the Set-NetNatGlobal cmdlet.
• C. From Active Directory Sites and Services, modify the NTDS Settings object of LON-DC02.
• D. From Windows PowerShell, run the Enable-ADOptionalFeature cmdlet.

Answer: C

NEW QUESTION 9
The network contains an Active Directory forest named contoso.com.
The forest contains three domain controllers configured as shown in the following table.

The company physically relocates Server2 from the Montreal office to the Seattle office.
You discover that both Server1 and Server2 authenticate users who sign in to the client computers in the Montreal office. Only Server3 authenticates users who sign in to the computers in the Seattle office.
You need to ensure that Server2 authenticates the users in the Seattle office during normal network operations. What should you do?

• A. From Windows PowerShell, run the Set-ADReplicationSite cmdlet.
• B. From Active Directory Users and Computers, modify the Location Property of Server2.
• C. From Network Connections on Server2, modify the Internet Protocol Version 4 (TCP/IPv4) configuration.
• D. From Windows PowerShell, run the Move-ADDirectoryServer cmdlet.

Answer: A

NEW QUESTION 10
You create a user account that will be used as a template for new user accounts.
Which setting will be copied when you copy the user account from Active Directory Users and Computers?

• A. Published Certificates
• B. the Member of attribute
• C. the Office attribute
• D. the Description attribute

Answer: B

NEW QUESTION 11
Your network contains an Active Directory domain named contoso.com.
You have a Group Policy object (GPO) named GPO1. GPO1 is linked to an organizational unit (OU) named OU1.
GPO1 contains several corporate desktop restrictions that apply to all computers. You plan to deploy a printer to the computers in OU1.
You need to ensure that any user who signs in to a computer that runs Windows 10 in OU1 receives the new printer. All of the computers in OU1 must continue to apply the corporate desktop restrictions from GPO1.
What should you configure?

• A. a user preference and a WMI filter on GPO1.
• B. a computer preference that uses item-level targeting
• C. a computer preference and WMI filter on GPO1
• D. a user preference that uses item-level targeting

Answer: D

NEW QUESTION 12
You have an internal web server that hosts websites. The websites use HTTP and HTTPS. You deploy a Web Application Proxy to your perimeter network.
You need to ensure that users from the Internet can access the websites by using HTTPS only. Internet access to the websites must use the Web Application Proxy.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. From the Remote Access Management Console, publish the website
• B. Configure pass-through authentication and select Enable HTTP to HTTPS redirection.
• C. Configure the Web Application Proxy to perform preauthentication by using Oauth2.
• D. On external DNS name servers, create DNS entries that point to the private IP address of the web server.
• E. From the web server, enable HTTP Redirect on the Web Application Proxy server.
• F. On external DNS name servers, create DNS entries that point to the public IP address of the Web Application Proxy.

Answer: AE

NEW QUESTION 13
Your network contains an enterprise root certification authority (CA) named CA1.
Multiple computers on the network successfully enroll for certificates that will expire in one year. The certificates are based on a template named Secure_Computer. The template uses schema version 2.
You need to ensure that new certificates based on Secure_Computer are valid for three years. What should you do?

• A. Modify the Validity period for the certificate template.
• B. Instruct users to request certificates by running the certreq.exe command.
• C. Instruct users to request certificates by using the Certificates console.
• D. Modify the Validity period for the root CA certificate.

Answer: A

NEW QUESTION 14
Your network contains an Active Directory domain named contoso.com. The domain contains an Active Directory Federation Services {AD FS) server named Server1.
On a standalone server named Server2, you install and configure the Web Application Proxy.
You have an internal web application named WebApp1. AD FS has a relying party trust for WebApp1. You need to provide external users with access to WebApp1. Authentication to WebApp1 must use AD FS
pre-authentication.
Which tool should you use to publish WebApp1?

• A. Remote Access Management on Server1
• B. AD FS Management on Server2
• C. Remote Access Management on Server2
• D. Routing and Remote Access on Server1
• E. AD FS Management on Server1.

Answer: C

Explanation: References:
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/web-application-proxy/publishing-appli

NEW QUESTION 15
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named TestOU that contains test computers.
You need to enable a technician named Tech1 to create Group Policy objects (GPOs) and to link the GPOs to TestOU. The solution must use the principle of least privilege.
Which two actions should you perform? Each correct answer presents part of the solution.

• A. Add Tech1 to the Group Policy Creator Owners group.
• B. From Group Policy Management, modify the Delegation settings of the TestOU OU.
• C. Add Tech1 to the Protected Users group.
• D. From Group Policy Management, modify the Delegation settings of the contoso.com container.
• E. Create a new universal security group and add Tech1 to the group.

Answer: AB

NEW QUESTION 16
Your network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA) named CA1.
You duplicate the Computer certificate template, and you name the template Cont_Computers.
You need to ensure that all of the certificates issued based on Cont_Computers have a key size of 4,096 bits. What should you do?

• A. From the properties of CA1, modify the Security settings.
• B. From the properties of CA1, modify the Request Handling settings.
• C. From the properties of the Computer template, modify the Key Attestation settings.
• D. From the properties of Cont_Computers, modify the Cryptography settings.

Answer: C