Guaranteed 70-742 Exam Dumps 2021

NEW QUESTION 1
Note: This question is part of a series of questions that use the same scenario. For you convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.

Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain. From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the
contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of User1@litwareinc.com.
End or repeated scenario.
You need to join Computer3 to the contoso.com domain by using offline domain join.
Which command should you use in the contoso.com domain and on Computer3? To answer, select the appropriate options in the answer area.

Answer:

Explanation:

NEW QUESTION 2
Your company has a main office and three branch offices. The network contains an Active Directory domain named contoso.com.
The main office contains three domain controllers. Each branch office contains one domain controller.
You discover the new settings in the Default Domain Policy are not applied in one of the branch offices, but all other Group Policy objects (GPOs) are applied.
You need to check the replication of the Default Domain Policy for the branch office. What should you do from a domain controller in the main office?

• A. From Group Policy Management, click Default Domain Policy under Contoso.com, and then open theScope tab.
• B. From a command prompt, run dcdiag.exe.
• C. From Group Policy Management, click Default Domain Policy under the Group Policy Objectscontainer, and then open the Status tab.
• D. From Windows PowerShell, run the Get-ADReplicationConnection cmdlet.

Answer: C

NEW QUESTION 3
You have an enterprise certification authority (CA) named ContosoCA. Recovery agents are configured for ContosoCA.
You duplicate the User certificate template and name it Cont_User. You plan to issue the certificates based on Cont_User to provide users with the ability to encrypt email messages and files.
You need to ensure that the recovery agents can access any user-encrypted files and email messages if the users lose their certificate.
What should you do?

• A. Issue a certificate based on a key recovery agent certificate.
• B. Modify the Recovery Agents settings for ContosoCA.
• C. Modify the Request Handling settings for Cont_User.
• D. On ContosoCA, configure the Key Recovery Agent template as a certificate template to issue.

Answer: C

NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com. You need to create a central store for Group Policy administrative templates. What should you use?

• A. Dcgpofix.exe
• B. Group Policy Management Console (GPMC)
• C. Gpfixup.exe
• D. Copy-Item

Answer: D

NEW QUESTION 5
You have a server named Server1 that runs Windows Server 2021. Server1 has the Windows Application Proxy role service installed.
You need to publish Microsoft Exchange ActiveSync services by using the Publish New Application Wizard. The ActiveSync services must use preauthentication.
How should you configure Server1? To answer, select the appropriate options in the answer area.

Answer:

Explanation:

NEW QUESTION 6
Your network contains an Active Directory domain named contoso.com. The domain contains an Active Directory Federation Services (AD FS) server named Server1.
On a standalone server named Server2. You install and configure the Web Application Proxy.
You have an internal web application named WebApp1. AD FS has a replying party trust for WebApp1. You need to provide external users with access to WebApp1. Authentication to WebApp1, must use AD FS
preauthentication.
Which tool should you use to publish webapp1?

• A. Remote Access Management on Server2
• B. AD FS Management on Server2
• C. Routing and Remote Access on Server1
• D. Remote Access Management on Server1
• E. AD FS Management on Server1

Answer: E

NEW QUESTION 7
Your network contains an Active Directory forest. The forest contains one domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds all of the operations master roles.
During normal network operations, you run the following commands on DC2:
Move-ADDirectoryServerOperationMasterRole -Identity “DC2” -OperationMasterRole PDCEmulator Move- ADDirectoryServerOperationMasterRole –Identity “DC2” -OperationMasterRole RIDMaster DC1 fails.
You remove DC1 from the network, and then you run the following command:
Move-ADDirectoryServerOperationMasterRole –Identity “DC2” -OperationMasterRole SchemaMaster For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

NEW QUESTION 8
Your company has a main office and three branch offices.
The network contains an Active Directory domain named contoso.com.
The main office contains three domain controllers. Each branch office contains one domain controller.
You discover that new settings in the Default Domain Policy are not applied in one of the branch offices, but all other Group Policy objects (GPOs} are applied.
You need to check the replication of the Default Domain Policy for the branch office. What should you do from a domain controller in the main office?

• A. From a command prompt, run dcdiag.exe.
• B. From Group Policy Management, click Default Domain Policy under Contoso.com, and then open theDetails tab.
• C. From Group Policy Management, click Default Domain Policy under Contoso.com, and then open theScope tab.
• D. From a command prompt, run repadmin.exe.

Answer: D

NEW QUESTION 9
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2021. Server1 is located in the perimeter network.
You install the Active Directory Federation Services server role on Server1. You create an Active Directory Federation Services (AD FS) farm by using a certificate that has a subject name of sts.contoso.com.
You need to enable certificate authentication from the Internet on Server1.
Which two inbound TCP ports should you open on the firewall? Each correct answer presents part of the solution.

• A. 389
• B. 443
• C. 3389
• D. 8531
• E. 49443

Answer: BE

NEW QUESTION 10
Your network contains an Active Directory forest named contoso.com. The forest contains the root domain and two child domains named childl.contoso.com and child2.contoso.com. Child1 contains three domain controllers named DC1, DC2, and DC3. Child2 contains one domain controller named
You have two accounts named Child1Admin1 and Child2Admin2 that you use to perform administrative tasks. Currently, the accounts can manage only the member servers in their respective domain.
You plan to demote DC3 and to remove the Child2 domain.
You need to ensure that Admin1 can demote DC3 and that Admtn2 can demote DC4. The solution must use the principle of least privilege.
To which groups should you add Admin1 and Admin2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: Admin1: ContosoDomain Admins Admin2: Child2Server Operators

NEW QUESTION 11
Your network contains an Active Directory domain named adatum.com. The domain contains a security group named G_Research and an organizational unit (OU) named OU_Research.
All the users in the research department are members of G_Research and their user accounts are in OU_Research.
You need to ensure that all the research department users change their password every 28 days and enforce a complex password that is 12 characters long.
What should you do?

• A. From a Group Policy Management, create and link a Group Policy object (GPO) to OU_Research.Modify the password policy in the GPO.
• B. From a Group Policy Management, create and link a Group Policy object (GPO) to the domai
• C. Modify the password policy in the GP
• D. Filter the GPO to apply to G_Research only.
• E. From Active Directory Users and Computers, modify the properties of the Password Settings Container.
• F. From Active Directory Administrative Center, create a new Password Settings object (PSO).

Answer: D

NEW QUESTION 12
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

End of repeated scenario.
You are evaluating what will occur when you set User Group Policy loopback processing mode to Replace in A7.
Which GPO or GPOs will apply to User2 when the user signs in to Computer1 after loopback processing is configured?

• A. A1 and A7 only
• B. A3. Al, A5, A6, and A7
• C. A3, A5, A1, and A7 only
• D. A7 only

Answer: D

NEW QUESTION 13
Your network contains an enterprise root certification authority (CA) named CA1.
Multiple computers on the network successfully enroll for certificates that will expire in one year. The certificates are based on a template named Secure_Computer. The template uses schema version 2.
You need to ensure that new certificates based on Secure_Computer are valid for three years. What should you do?

• A. Modify the Validity period for the certificate template.
• B. Instruct users to request certificates by running the certreq.exe command.
• C. Instruct users to request certificates by using the Certificates console.
• D. Modify the Validity period for the root CA certificate.

Answer: A

NEW QUESTION 14
Note: This question is part of a series of questions that use the same or similar answer choice. An answer choice may be correct for more than one question in the series. Each question is Independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2.
Your company hires 3 new security administrators to manage sensitive user data. You create a user account named Secunty1 for the security administrator.
You need to ensure that the password for Secunty1 has at least 12 characters and is modified every 10 days. The solution must apply to Security 1 only.
Which tool should you use?

• A. Dsadd quota
• B. Dsmod
• C. Active Directory Administrative Center
• D. Dsacis
• E. Dsamain

Answer: C

Explanation: Using Fine-Grained Password Policies you specify multiple password policies in a single domain and apply different restrictions for password and account lockout policies to different sets of users in a domain. You can apply stricter settings to privileged accounts and less strict settings to the accounts of other users.To enable Fine-Grained Password Policies (FGPP), you need to open the Active Directory Administrative Center (ADAC)https://blogs.technet.microsoft.com/canitpro/2013/05/29/step-by-step-enabling-and-using-fine-grained-

NEW QUESTION 15
Your network contains an Active Directory domain. All client computers run Windows 10.
A client computer named Computer1 was in storage for five months and was unused during that time. You attempt to sign in to the domain from Computer1 and receive an error message.
You need to ensure that you can sign in to the domain from Computer1. What should you do?

• A. Unjoin Computer1 from the domain, and then join the computer to the domain.
• B. From Active Directory Administrative Center, reset the computer account of Computer1.
• C. From Active Directory Administrative Center, disable Computer1, and then enable the computer account of Computer1.
• D. From Active Directory Users and Computers, run the Delegation of Control Wizard.

Answer: B

NEW QUESTION 16
Your network contains an Active directory domain named conloso.com. The domain has an enterprise certification authority (CA).
You duplicate the Basic EFS template, and you name the template Template1. You configure the CA to issue Template1.
Users are configured to obtain a new certificate automatically when they sign in to a computer in the domain. You need to enable the users to automatically obtain a certificate based on Template1.
What should you modify?

• A. the Security settings for Template1
• B. the Request Handling properties for the CA
• C. the Publication Settings for the CA
• D. the Request Handling properties for Template1

Answer: A

NEW QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains a Group Policy object (GPO) named GPO1.
You configure the Internet Settings preference in GPO1 as shown in the exhibit. (Click the Exhibit button.)

A user reports that the homepage of Internet Explorer is not set to http://www.contoso.com. You confirm that the other settings in GPO1 are applied.
You need to configure GPO1 to set the Internet Explorer homepage. What should you do?

• A. Edit the GPO1 preference and press F5.
• B. Modify Security Settings for GPO1.
• C. Modify WMI Filtering for GPO1.
• D. Modify the GPO1 preference to use item-level targeting.

Answer: A

Explanation: The red dotted line under the homepage URL means that setting is disabled. Pressing F5 enables all settings.

NEW QUESTION 18
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member
servers.
Solution: From Windows PowerShell on a domain controller, you run the Add-KdsRootKey cmdlet.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 19
Your network contains an Active Directory domain named contoso.com. You deploy a standalone root certification authority (CA) named CA1.
You need to auto enroll domain computers for certificates by using a custom certificate template. What should you do first?

• A. Modify the Policy Module for CA1.
• B. Modify the Exit Module for CA1.
• C. Install a standalone subordinate CA.
• D. Install an enterprise subordinate CA.

Answer: D

Explanation: You can’t create templates or configure auto-enrollment on a standalone CA.