Free Microsoft 70-742 Practice Test & Real Exam Questions
You have an Active Directory Rights Management Services (AD RMS) server named RMS1.
Multiple documents are protected by using RMS1.
RMS1 fails and cannot be recovered.
You install the AD RMS server role on a new server named RMS2. You restore the AD RMS database from RMS1 to RMS2.
Users report that they fail to open the protected documents and to protect new documents.
You need to ensure that the users can access the protected content.
What should you do?
Correct Answer: A
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You install IP Address Management (IPAM) on Server1.
You need to manually start discovery of servers that IPAM can manage in contoso.com.
Which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

Correct Answer:

Explanation

Step 1: Invoke-IpamServerProvisioning
Choose a provisioning method
The Invoke-IpamGpoProvisioning cmdlet creates and links three group policies specified in the Domain parameter for provisioning required access settings on the server roles managed by the computer running the IP Address Management (IPAM) server.
Step 2: Add-IpamDiscoveryDomain
Configure the scope of discovery
The Add-IpamDiscoveryDomain cmdlet adds an Active Directory discovery domain for an IP Address Management (IPAM) server. A discovery domain is a domain that IPAM searches to find infrastructure servers. An IPAM server uses the list of discovery domains to determine what type of servers to add. By default, IPAM discovers all domain controllers, Dynamic Host Configuration Protocol (DHCP) servers, and Domain Name System (DNS) servers.
Step 3: Start-ScheduledTask
Start server discovery
To begin discovering servers on the network, click Start server discovery to launch the IPAM ServerDiscovery task or use the Start-ScheduledTask command.
You have an internal web server that hosts websites. The websites use HTTP and HTTPS.
You deploy a Web Application Proxy to your perimeter network.
You need to ensure that users from the Internet can access the websites by using HTTPS only. Internet access to the websites must use the Web Application Proxy.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer: C,D
Your network contains an Active Directory domain named contoso.com.
You plan to deploy a new Active Directory Rights Management Services (AD RMS) cluster on a server named Server1.
You need to create the AD RMS service account. The solution must use the principle of least privilege. What should you do?
Correct Answer: C
Your network contains an Active Directory domain named contoso.com.
You open Group Policy Management as shown in the Group Policy Management exhibit. (Click the Exhibit button.)

A user named User1 is in OU1. A computer named Computer2 is in OU2.
The settings of GPO1 are configured as shown in the GPO1 exhibit. (Click the Exhibit button.)

The settings of GPO2 are configured as shown in the GPO2 exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

You have an enterprise certification authority (CA) named CA1. You have a certificate template named UserAutoEnroll that is based on the User certificate template. Domain users are configured to autoenroll for UserAutoEnroll.
A user named User1 has an email address defined in Active Directory. A user named User2 does not have an email address defined in Active Directory. You discover that User1 was automatically issued a certificate based on the UserAutoEnroll template.
A request by User2 for a certificate based on the UserAutoEnroll template fails.
You need to ensure that all users can autoenroll for certificates based on the UserAutoEnroll template.
Which setting should you configure from the properties on the UserAutoEnroll certificate template?
Correct Answer: A
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: From Windows PowerShell on a domain controller, you run the Set-KdsConfiguration cmdlet.
Does this meet the goal?
Correct Answer: A
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.

Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of [email protected].
End of repeated scenario.
Admin1 attempts to delete OU1 and receives an error message.
You need to ensure that Admin1 can delete OU1.
What should you do first?
Correct Answer: C
The network contains an Active Directory forest named contoso.com.
The forest contains three domain controllers configured as shown in the following table.

The company physically relocates Server2 from the Montreal office to the Seattle office.
You discover that both Server1 and Server2 authenticate users who sign in to the client computers in the Montreal office. Only Server3 authenticates users who sign in to the computers in the Seattle office.
You need to ensure that Server2 authenticates the users in the Seattle office during normal network operations.
What should you do?
Correct Answer: B
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.
You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).
You need to use the application control policy settings to prevent several applications from running on the network.
What should you do?
Correct Answer: G
Your network contains an Active Directory domain. The domain contains a server named Server1 that runs Windows Server 2016. Server1 runs a service named Service1 in the security context of the Network Service account. The domain contains an enterprise certification authority (CA).
You plan to create a certificate template that will be used to issue certificates for Service1. Server1 will enroll for the certificates on behalf of Service1.
Which template settings must you configure to allow Service1 to access the private keys of the certificates installed on Server1?
Correct Answer: B
Your Active Directory domain has the Group Policy objects (GPOs) shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.


Correct Answer:

Explanation

References:
https://emeneye.wordpress.com/2016/02/16/group-policy-order-of-precedence-faq/
Your network contains an Active Directory domain named adatum.com. The domain contains a security group named G_Research and an organizational unit (OU) named OU_Research.
All the users in the research department are members of G_Research and their user accounts are in OU_Research.
You need to ensure that all the research department users change their password every 28 days and enforce a complex password that is characters long.
What should you do?
Correct Answer: B
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2016. The domain contains the servers shown in the following table.

The domain has several Managed Service Accounts.
Server 1 hosts a service named Service 1 that runs in the security context of the LocalSystem account.
You need to implement a group Managed Service Account to run Service 1.
Which two actions should you perform? Each correct answer presents part of the solution.

Correct Answer: A
