Validated 70-742 Dumps Questions 2021

NEW QUESTION 1
Your company recently deployed a new child domain to an Active Directory forest.
You discover that a user modified the Default Domain Policy to configure several Windows components in the child domain.
A company policy states that the Default Domain Policy must be used only to configure domain-wide security settings.
You create a new Group Policy object (GPO) and configure the settings for the Windows components in the new GPO.
You need to restore the Default Domain Policy to the default settings from when the domain was first installed.
What should you do?

• A. From Group Policy Management, click Starter GPOs, and then click Manage Backups.
• B. From a command prompt, run the dcgpofix.exe command.
• C. From Windows PowerShell, run the Copy-GPO cmdlet.
• D. Run ntdsutil.exe to perform a metadata cleanup and a semantic database analysis.

Answer: B

NEW QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2021.
Server1 has Microsoft System Center 2021 Virtual Machine Manager (VMM) installed. Server2 has IP Address Management (IPAM) installed.
You create a domain user named User1.
You need to integrate IPAM and VMM. VMM must use the account of User1 to manage IPAM. The solution must use the principle of least privilege.
What should you do on each server? To answer, select the appropriate options in the answer area.

Answer:

Explanation: References:
https://technet.microsoft.com/en-us/library/dn783349(v=ws.11).aspx

NEW QUESTION 3
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.

You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.
Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT).
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: The NRPT stores configurations and settings that are used to deploy DNS Security Extensions (DNSSEC), and also stores information related to DirectAccess, a remote access technology.
Note: The Name Resolution Policy Table (NRPT) is a new feature available in Windows Server 2008 R2. The NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces. When performing DNS name resolution, the DNS Client service checks the NRPT before sending a DNS query. If a DNS query or response matches an entry in the NRPT, it is handled according to settings in the policy. Queries and responses that do not match an NRPT entry are processed normally.
References: https://technet.microsoft.com/en-us/library/ee649207(v=ws.10).aspx

NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com. The domain contains a username User1, a group named Group1, and an organizational unit (OU) named OU1.
You need to enable User1 to link Group Policies to OU1.
Solution: From Active Directory Administrative Center, you add User1 to Group1. From ADSI Edit, you grant Group1 Full Control permissions to the “CN=Policies, CN=System, DC=Contoso, DC=com” object.
Does this meet the goal?

• A. Yes
• B. NO

Answer: B

NEW QUESTION 5
You have a Nano Server named Nano1 that runs Windows Server 2021. Nano1 is deployed to a virtual machine and is a member of a workgroup.
You need to join Nano1 to a domain named contoso.com.
Which two commands should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 6
Your network contains an Active Directory domain named adatum.com. The domain contains a security group named G_Research and an organizational unit (OU) named OU_Research.
All the users in the research department are members of G_Research and their user accounts are in OU_Research.
You need to ensure that all the research department users change their password every 28 days and enforce a complex password that is characters long.
What should you do?

• A. From Group Policy Management, create and link a Group Policy object (GPO) to the domai
• B. Modify the password policy in the GPO Filter the GPO to apply to G_Research only.
• C. From Active Directory Administrative Center, create a new Password Settings object (PSO).
• D. From Active Directory Users and Computers, modify the properties of the Password Settings Container.
• E. From Group Policy Management, create and link a Group Policy object (GPO) to OU_Researc
• F. Modify the password policy in the GPO.

Answer: C

NEW QUESTION 7
Your network contains an Active Directory forest named contoso.com. They connect to the forest by using ldp.exe and receive the output as shown in the following exhibit.

Use drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 8
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated Scenario
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.

Group 1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named
Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain. From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the
contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of user1@litwareinc.com.
End of repeated scenario
You need to ensure that Admin1 can convert Group1 to a global group. What should you do?

• A. Add Admin1 to the Enterprise Admin group.
• B. Remove all the member from Group1.
• C. Modify the Security settings of Group1.
• D. Convert Group1 to a universal security group.

Answer: B

NEW QUESTION 9
Your network contains an Active Directory domain named contoso.com. The relevant objects in the domain are configured as shown in the following table.

You have the following configurations:
User1 is in OU1 and is a member of Group1 and Group2
User2 is in OU2 and is a member of Group1 and Group3
GPO1 is linked to OU1.
Server1 has three shares named Share1, Share2, and Share3. The Domain Users group permissions to all three shares.
GPO1 is configured as shown in the exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 10
Your company has multiple branch offices.
The network contains an Active Directory domain named contoso.com.
In one of the branch offices, a new technician is hired to add computers to the domain.
After successfully joining multiple computers to the domain, the technician fails to join any more computers to the domain.
You need to ensure that the technician can join an unlimited number of computers to the domain. What should you do?

• A. Run the Delegation of Control Wizard on the Computers container.
• B. Run the redircmp.exe command.
• C. Modify the Security settings of the technician’s user account.
• D. Add the technician to the Windows Authorization Access group.

Answer: A

NEW QUESTION 11
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: You configure Kerberos constrained delegation on the computer account of each member server. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 12
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

End of repeated scenario.
You are evaluating what will occur when you disable the Group Policy link for A6.
Which GPOs will apply to User2 when the user signs in to Computer1 after the link for A6 is disabled?

• A. A1 and A5 only
• B. A3, A1, and A5 only
• C. A3, A1, A5, and A4 only
• D. A3, A1, A5, and A7

Answer: D

NEW QUESTION 13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: From Windows PowerShell on a domain controller, you run the Set-KdsConfiguration cmdlet. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 14
Your network contains an Active Directory forest. The forest contains two domains named litwarenc.com and contoso.com. The contoso.com domain contains two domains controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is associated to a subnet of 192.168.10.0/24
You discover that LON-DC02 is not a global catalog server. You need to configure LON-DC02 as a global catalog server. What should you do?

• A. From Active Directory Sites and Services, modify the properties of the 192.168.10.0/24 IP subnet.
• B. From Windows PowerShell, run the Set-NetNatGlobal cmdlet.
• C. From Active Directory Sites and Services, modify the NTDS Settings object of LON-DC02.
• D. From Windows PowerShell, run the Enable-ADOptionalFeature cmdlet.

Answer: C

NEW QUESTION 15
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2021.
Server1 has IP Address Management (IPAM) installed. Server2 and Server3 have the DHCP Server role installed and have several DHCP scopes configured. The IPAM server retrieves data from Server2 and Server3.
A domain user named User1 is a member of the groups shown in the following table.

On Server1, you create a security policy for User1. The policy grants the IPAM DHCP Scope Administrator Role with the Global access scope to the user.
Which actions can User1 perform? To answer, select the appropriate options in the answer area.

Answer:

Explanation: User1 is using Server Manager, not IPAM to perform the administration. Therefore, only the “DHCP Administrators” permission on Server2 and the “DHCP Users” permissions on Server3 are applied.
The permissions granted through membership of the “IPAM DHCP Scope Administrator Role” are not applied when the user is not using the IPAM console.

NEW QUESTION 16
You network contains an Active Directory domain named contoso.com. The domain contains 1,000 desktop computers and 500 laptops. An organizational unit (OU) named OU1 contains the computer accounts for the desktop computers and the laptops.
You create a Windows PowerShell script named Script1.ps1 that removes temporary files and cookies. You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
You need to run the script once weekly only on the laptops. What should you do?

• A. In GPO1, create a File preference that uses item-level targeting.
• B. In GPO1, create a Scheduled Tasks preference that uses item-level targeting.
• C. In GPO1, configure the File System security polic
• D. Attach a WMI filter to GPO1.
• E. In GPO1, add Script1.ps1 as a startup scrip
• F. Attach a WMI filter to GPO1.

Answer: B

NEW QUESTION 17
Your network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Federation Services (AD FS) farm.
You install Windows Server 2021 on a server named Server2.
You need to configure Server2 as a node in the federation server farm.
Which cmdlets should you run? To answer, select the appropriate options in the answer area.

Answer:

Explanation:

NEW QUESTION 18
Your network contains an Active Directory domain named contoso.com.
The user account for a user named User1 is in an organizational unit (OU) named OU1. You need to enable User1 to sign in as user1@adatum.com.
Solution: From Active Directory Domains and Trusts, you configure an alternative UPN suffix, From Active Directory Administrative Center, you configure the User UPN logon property of User1.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 19
You have an internal web server that hosts websites. The websites use HTTP and HTTPS. You deploy a Web Application Proxy to your perimeter network.
You need to ensure that users from the Internet can access the websites by using HTTPS only. Internet access to the websites must use the Web Application Proxy.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. From the Remote Access Management Console, publish the website
• B. Configure pass-through authentication and select Enable HTTP to HTTPS redirection.
• C. Configure the Web Application Proxy to perform preauthentication by using Oauth2.
• D. On external DNS name servers, create DNS entries that point to the private IP address of the web server.
• E. From the web server, enable HTTP Redirect on the Web Application Proxy server.
• F. On external DNS name servers, create DNS entries that point to the public IP address of the Web Application Proxy.

Answer: AE