Microsoft 70-742 Free Practice Questions 2021

NEW QUESTION 1
The network contains an Active Directory forest named contoso.com.
The forest contains three domain controllers configured as shown in the following table.

The company physically relocates Server2 from the Montreal office to the Seattle office.
You discover that both Server1 and Server2 authenticate users who sign in to the client computers in the Montreal office. Only Server3 authenticates users who sign in to the computers in the Seattle office.
You need to ensure that Server2 authenticates the users in the Seattle office during normal network operations. What should you do?

• A. From Windows PowerShell, run the Set-ADReplicationSite cmdlet.
• B. From Active Directory Users and Computers, modify the Location Property of Server2.
• C. From Network Connections on Server2, modify the Internet Protocol Version 4 (TCP/IPv4) configuration.
• D. From Windows PowerShell, run the Move-ADDirectoryServer cmdlet.

Answer: A

NEW QUESTION 2
Your network contains an Active Directory domain named contoso.com.
You open Group Policy Management as shown in the Group Policy Management exhibit. (Click the Exhibit button.)

A user named User1 is in OU1. A computer named Computer2 is in OU2.
The settings of GPO1 are configured as shown in the GPO1 exhibit. (Click the Exhibit button.)

The settings of GPO2 are configured as shown in the GPO2 exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 3
Your network contains an Active Directory forest.
Some users report experiencing difficulties signing in to domain controllers. You suspect that the service location (SRV) records might be causing the issue.
What are two possible commands that you can run to verify the SRV records? Each correct answer presents a complete solution.
NOTE. Each correct selection is worth one point.

• A. dcdiag.exe /test:connectivity
• B. dnscmd /info
• C. dnscmd /DirectoryPartitionInfo
• D. dcdiag.exe /test:dns /DnsRecordRegistration
• E. dcdiag.exe /test:dns
• F. dnscmd /IPValidate

Answer: BD

Explanation: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/troubleshoot/verify-dns-functionality-to

NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com. A Group Policy object (GPO) named GPO1 is linked to contoso.com.
GPO1 has computer configuration polices, user configuration policies and user preferences configured.
You need to ensure that the user preferences in GPO1 apply only to users who sign in to computers that runs Windows 10. All the other settings in GPO1 must be applied, regardless of the computer to which the user sign in.
What should you configure?

• A. Security Settings
• B. WMI filtering
• C. Security Filtering
• D. item-level targeting

Answer: D

NEW QUESTION 5
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2.
You need to ensure that a domain administrator can recover a deleted Active Directory object quickly. Which tool should you use?

• A. Dsadd quota
• B. Dsmod
• C. Active Directory Administrative Center
• D. Dsacls
• E. Dsamain
• F. Active Directory Users and Computers
• G. Ntdsutil
• H. Group Policy Management Console

Answer: C

NEW QUESTION 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2.
DC1 holds the RID master operations role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
Solution: On DC2, you open Active Directory Users and Computers, click Operations Masters.., verify that dc2.contoso.com is listed on the RID tab, and click Change.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation: This would work if DC1 was still online. In that case we would be “transferring” the role. However, as DC1 is offline, we need to “seize” the role which can only be done by using the ntdsutil command or the
Move-AddirectoryServerOperationMasterRole PowerShell cmdlet with the -Force parameter.

NEW QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: You configure Kerberos constrained delegation on the computer account of each domain controller. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 8
You have a server named Server1 that runs Windows Server 2021. Server1 has the Web Application Proxy role service installed.
You plan to deploy Remote Desktop Gateway (RD Gateway) services. Clients will connect to the RD Gateway services by using various types of devices including Windows, iOS and Android devices.
You need to publish the RD Gateway services through the Web Application Proxy.
Which command should you run? To answer, select the appropriate options in the answer area.

Answer:

Explanation:

NEW QUESTION 9
Your network contains an Active Directory domain named contoso.com. The domain contains a user named User1 and an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1. You need to ensure that User1 can link GPO1 to OU1. What should you do?

• A. Modify the security setting of User1.
• B. Add User1 to the Group Policy Creator Owner group.
• C. Modify the security setting of OU1.
• D. Modify the security setting of GPO1.

Answer: D

NEW QUESTION 10
Your network contains an Active Directory forest named contoso.com.
A partner company has a forest named fabrikam.com. Each forest contains one domain.
You need to provide access for a group named Research in fabrikam.com to resources in contoso.com. The solution must use the principle of least privilege.
What should you do?

• A. Create an external trust from fabrikam.com to contoso.co
• B. Enable Active Directory split permissions in fabrikam.com.
• C. Create an external trust from contoso.com to fabrikam.co
• D. Enable Active Directory split permissions in contoso.com.
• E. Create a one-way forest trust from contoso.com to fabrikam.com that uses selective authentication.
• F. Create a one-way forest trust from fabrikam.com to contoso.com that uses selective authentication.

Answer: C

NEW QUESTION 11
Your network contains an Active Directory domain named contoso.com.
The user account for a user named User1 is in an organizational unit (OU) named OU1. You need to enable User1 to sign in as user1@adatum.com.
Solution: From Windows PowerShell, You run Set-ADObject ‘CN=User1, OU=OU1, DC=Contoso,DC=com’
–Add @ {UserPrincipalNAme=’User1@Adatum.com’} –Remove
@{UserPrincipalName=’User1@Contoso.com’},
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 12
Your network contains an Active Directory domain named contos.com.
You need to create a central store for Group Policy administrative templates. What should you use?

• A. Group Policy Management Console (GPMC)
• B. Copy-Item
• C. Group Policy Management Editor
• D. Copy-GPO

Answer: B

NEW QUESTION 13
Your network contains an Active Directory forest. The forest contains a domain named contoso.com. The domain contains three domain controllers.
A domain controller named lon-dc1 fails. You are unable to repair lon-dc1.
You need to prevent the other domain controllers from attempting to replicate to lon-dc1.
Solution: From Active Directory Users and Computers, you remove the computer account of lon-dc1. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: To remove the failed server object from the domain controllers container, access Active Directory Users and Computers, expand the domain controllers container, and delete the computer object associated with the failed domain controller
References: https://www.petri.com/delete_failed_dcs_from_ad

NEW QUESTION 14
Your network contains an Active Directory domain. The domain contains an organizational unit (OU) named FileServersOU. A Group Policy object (GPO) named GPO1 is linked to FileServersOU. FileServersOU contains all the file servers in the domain.
You make an urgent security edit to GPO1.
You need to ensure that all the file servers receive the updated setting as soon as possible. What should you do?

• A. Right-click FileServersOU and click Group Policy Update…
• B. Right-click the GPO link for GPO1 and click Enforced.
• C. Right-click Group Policy Results and click Group Policy Results Wizard…
• D. Right-click FileServersOU and click Refresh.

Answer: A

NEW QUESTION 15
Your network contains an Active Directory forest named contoso.com.
You have an Active Directory Federation Services (AD FS) farm. The farm contains a server named Server1 that runs Windows Server 2012 R2.
You add a server named Server2 to the farm. Server2 runs Windows Server 2021. You remove Server1 from the farm.
You need to ensure that you can use role separation to manage the farm. Which cmdlet should you run?

• A. Set-AdfsFarmInformation
• B. Update-AdfsRelyingPartyTrust
• C. Set-AdfsProperties
• D. Invoke-AdfsFarmBehaviorLevelRaise

Answer: D

Explanation: AD FS for Windows Server 2021 introduces the ability to have separation between server administrators and AD FS service administrators.
After upgrading our ADFS servers to Windows Server 2021, the last step is to raise the Farm Behavior Level using the Invoke-AdfsFarmBehaviorLevelRaise PowerShell cmdlet.
To upgrade the farm behavior level from Windows Server 2012 R2 to Windows Server 2021 use the Invoke-ADFSFarmBehaviorLevelRaise cmdlet.
References: https://technet.microsoft.com/en-us/library/mt605334(v=ws.11).aspx

NEW QUESTION 16
Your network contains an Active Directory domain named contoso.com.
The user account for a user named User1 is in an organizational unit (OU) named OU1. You need to enable User1 to sign in as user1@adatum.com.
Solution: From Active Directory Users and Computers, you set the E-mail property of User1 to user1@adatum.com.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 17
Your company has a marketing department.
The network contains an Active Directory domain named contoso.com.
The main office contains three domain controllers. Each branch office contains one domain controller.
You discover that new settings in the Default Domain Policy are not applied on one of the branch offices, but all other Group Policy objects (GPOs) are applied.
You need to check the replication of the Default Domain Policy for the branch Office. What should you do from a domain controller in the main office?

• A. From Windows Power Shell, run the Get-GPO Report cmdlet.
• B. From a command prompt, run repadmin.exe.
• C. From a command prompt, run dcdlage.exe.
• D. From Group Policy Management, click Default Domain Policy under Contoso.com

Answer: A

NEW QUESTION 18
Your network contains an Active Directory forest. The forest contains a domain named contoso.com. The domain contains three domain controllers.
A domain controller named lon-dc1 fails. You are unable to repair lon-dc1.
You need to prevent the other domain controllers from attempting to replicate to lon-dc1. Solution: From Active Directory Sites and Services, you remove the object of lon-dc1. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 19
Your network contains an Active Directory domain named contoso.com. All the accounts of the users in the sales department are in an organizational unit (OU) named SalesOU.
An application named App1 is deployed to the user accounts in SalesOU by using a Group Policy object (GPO) named Sales GPO.
You need to set the registry value of HKEY_CURRENT_USERSoftwareApp1Collaboration to 0. Solution: You add a computer preference that has a Create action.
Does this meet the goal?

• A. Yes
• B. NO

Answer: B