[2017 New] 70-742 Exam Dumps Free Download In Lead2pass 100% 70-742 Exam Questions (21-40)

2017 May Microsoft Official New Released 70-742 Q&As in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Pass 70-742 exam with the latest Lead2pass 70-742 dumps: Lead2pass 70-742 exam questions and answers in PDF are prepared by our experts. Moreover, they are based on the recommended syllabus that covering all the 70-742 exam objectives.

Following questions and answers are all new published by Microsoft Official Exam Center: http://www.lead2pass.com/70-742.html

QUESTION 21
Your network contains an Active Directory forest named contoso.com
Your company plans to hire 500 temporary employees for a project that will last 90 days.
You create a new user account for each employee. An organizational unit (OU) named Temp contains the user accounts for the employees.
You need to prevent the new users from accessing any of the resources in the domain after 90 days.
What should you do?

A.    Run the Get-ADUser cmdlet and pipe the output to the Set-ADUser cmdlet.
B.    Create a group that contains all of the users in the Temp OU. Create a Password Setting object (PSO) for the new group.
C.    Create a Group Policy object (GPO) and link the GPO to the Temp OU. Modify the Password Policy settings of the GPO.
D.    Run the GET-ADOrganizationalUnit cmdlet and pipe the output to the Set-Date cmdlet.

Answer: A

QUESTION 22
Your network contains an Active Directory forest named contoso.com.
The forest contains a member server named Server1 that runs Windows Server 2016.
Server1 is located in the perimeter network.
You install the Active Directory Federation Services server role on Server1.
You create an Active Directory Federation Services (AD FS) farm by using a certificate that has a subject name of sts.contoso.com.
You need to enable certificate authentication from the Internet on Server1.
Which two inbound TCP ports should you open on the firewall? Each correct answer presents part of the solution.

A.    389
B.    443
C.    3389
D.    8531
E.    49443

Answer: BE

QUESTION 23
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com.
The forest contains a member server named Server1 that runs Windows Server 2016.
All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration.

PS C:\> (Get-ADForest).ForestMode
Windows2008R2Forest
PS C:\> (Get-ADDomain).DomainMode
Windows2008R2Domain
PS C:\>

You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.
You need to configure Active Directory to support the planned deployment.
Solution: You run adprep.exe from the Windows Server 2016 installation media.
Does this meet the goal?

A.    Yes
B.    No

Answer: A
Explanation:
Device Registration requires Windows Server 2012 R2 forest schema.

QUESTION 24
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named TestOU that contains test computers.
You need to enable a technician named Tech1 to create Group Policy objects (GPOs) and to link the GPOs to TestOU.
The solution must use the principle of least privilege.
Which two actions should you perform? Each correct answer presents part of the solution.

A.    Add Tech1 to the Group Policy Creator Owners group.
B.    From Group Policy Management, modify the Delegation settings of the TestOU OU.
C.    Add Tech1 to the Protected Users group.
D.    From Group Policy Management, modify the Delegation settings of the contoso.com container.
E.    Create a new universal security group and add Tech1 to the group.

Answer: AB

QUESTION 25
You have users that access web applications by using HTTPS. The web applications are located on the servers in your perimeter network. The servers use certificates obtained from an enterprise root certification authority (CA). The certificates are generated by using a custom template named WebApps. The certificate revocation list (CRL) is published to Active Directory.
When users attempt to access the web applications from the Internet, the users report that they receive a revocation warning message in their web browser.
The users do not receive the message when they access the web applications from the intranet.
You need to ensure that the warning message is not generated when the users attempt to access the web applications from the Internet.
What should you do?

A.    Install the Certificate Enrollment Web Service role service on a server in the perimeter network.
B.    Modify the WebApps certificate template, and then issue the certificates used by the web application servers.
C.    Install the Web Application Proxy role service on a server in the perimeter network.
Create a publishing point for the CA.
D.    Modify the CRL distribution point, and then reissue the certificates used by the web application servers.

Answer: C

QUESTION 26
Your network contains an Active Directory forest named contoso.com.
The forest contains several domains.
An administrator named Admin01 installs Windows Server 2016 on a server named Server1 and then joins Server1 to the contoso.com domain.
Admin01 plans to configure Server1 as an enterprise root certification authority (CA).
You need to ensure that Admin01 can configure Server1 as an enterprise CA. The solution must use the principle of least privilege.
To which group should you add Admin01?

A.    Server Operators in the contoso.com domain
B.    Cert Publishers on Server1
C.    Enterprise Key Admins in the contoso.com domain
D.    Enterprise Admins in the contoso.com domain.

Answer: D

QUESTION 27
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com.
The domain contains 5,000 user accounts.
You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).
You need to configure the Documents folder of every user to be stored on a server named FileServer1.
What should you do?

A.    From the Computer Configuration node of DCPolicy, modify Security Settings.
B.    From the Computer Configuration node of DomainPolicy, modify Security Settings.
C.    From the Computer Configuration node of DomainPolicy, modify Administrative Templates.
D.    From the User Configuration node of DCPolicy, modify Security Settings.
E.    From the User Configuration node of DomainPolicy, modify Folder Redirection.
F.    From user Configuration node of DomainPolicy, modify Administrative Templates.
G.    From Preferences in the User Configuration node of DomainPolicy, modify Windows Settings.
H.    From Preferences in the Computer Configuration node of DomainPolicy, modify Windows Settings.

Answer: E

QUESTION 28
Your network contains an Active Directory forest named contoso.com.
You have an Active Directory Federation Services (AD FS) farm.
The farm contains a server named Server1 that runs Windows Server 2012 R2.
You add a server named Server2 to the farm. Server2 runs Windows Server 2016.
You remove Server1 from the farm.
You need to ensure that you can use role separation to manage the farm.
Which cmdlet should you run?

A.    Set-AdfsFarmInformation
B.    Update-AdfsRelyingPartyTrust
C.    Set-AdfsProperties
D.    Invoke-AdfsFarmBehaviorLevelRaise

Answer: A

QUESTION 29
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
The computer account for Server1 is in organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
You need to add a domain user named User1 to the local Administrators group on Server1.
Solution: From a domain controller, you run the Set-AdComputer cmdlet.
Does this meet the goal?

A.    Yes
B.    No

Answer: B

QUESTION 30
Your company recently deployed a new child domain to an Active Directory forest.
You discover that a user modified the Default Domain Policy to configure several Windows components in the child domain.
A company policy states that the Default Domain Policy must be used only to configure domain-wide security settings.
You create a new Group Policy object (GPO) and configure the settings for the Windows components in the new GPO.
You need to restore the Default Domain Policy to the default settings from when the domain was first installed.
What should you do?

A.    From Group Policy Management, click Starter GPOs, and then click Manage Backups.
B.    From a command prompt, run the dcgpofix.exe command.
C.    From Windows PowerShell, run the Copy-GPO cmdlet.
D.    Run ntdsutil.exe to perform a metadata cleanup and a semantic database analysis.

Answer: B

QUESTION 31
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory forest named contoso.com.
The forest functional level is Windows Server 2012 R2.
You need to ensure that a domain administrator can recover a deleted Active Directory object quickly.
Which tool should you use?

A.    Dsadd quota
B.    Dsmod
C.    Active Directory Administrative Center
D.    Dsacls
E.    Dsamain
F.    Active Directory Users and Computers
G.    Ntdsutil
H.    Group Policy Management Console

Answer: C

QUESTION 32
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory forest named contoso.com.
The forest contains an Active Directory Rights Management Services (AD RMS) deployment.
Your company establishes a partnership with another company named Fabrikam, Inc.
The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment.
You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com.
Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted user domain.
Does this meet the goal?

A.    Yes
B.    No

Answer: B
Explanation:
Contoso would need to be the Trusted User Domain.

QUESTION 33
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario.

Your network contains an Active Directory domain named contoso.com.
The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

 

The relevant users and client computer in the domain are configured as shown in the following table.
 
End of repeated scenario.

You are evaluating what will occur when you block inheritance on OU4.
Which GPO or GPOs will apply to User1 when the user signs in to Computer1 after block inheritance is configured?

A.    A1, A5, and A6
B.    A3, A1, A5, and A7
C.    A3 and A7 only
D.    A7 only

Answer: D

QUESTION 34
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You network contains an Active Directory forest named contoso.com.
The forest contains an Active Directory Rights Management Services (AD RMS) deployment.
Your company establishes a partnership with another company named Fabrikam, Inc.
The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment.
You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com.
Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted publisher domain.
Does this meet the goal?

A.    Yes
B.    No

Answer: A

QUESTION 35
Your network contains an Active Directory domain named contoso.com.
You have a Group Policy object (GPO) named GPO1. GPO1 is linked to an organizational unit (OU) named OU1.
GPO1 contains several corporate desktop restrictions that apply to all computers.
You plan to deploy a printer to the computers in OU1.
You need to ensure that any user who signs in to a computer that runs Windows 10 in OU1 receives the new printer.
All of the computers in OU1 must continue to apply the corporate desktop restrictions from GPO1.
What should you configure?

A.    a user preference and a WMI filter on GPO1.
B.    a computer preference that uses item-level targeting
C.    a computer preference and WMI filter on GPO1
D.    a user preference that uses item-level targeting

Answer: D

QUESTION 36
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
The computer account for Server1 is in organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
You need to add a domain user named User1 to the local Administrators group on Server1.
Solution: From the Computer Configuration node of GPO1, you configure the Account Policies settings.
Does this meet the goal?

A.    Yes
B.    No

Answer: B

QUESTION 37
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com.
You need to limit the number of Active Directory Domain Services (AD DS) objects that a user can create in the domain.
Which tool should you use?

A.    Dsadd quota
B.    Dsmod
C.    Active Directory Administrative Center
D.    Dsacls
E.    Dsamain
F.    Active Directory Users and Computers
G.    Ntdsutil
H.    Group Policy Management Console

Answer: A

QUESTION 38
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named Server1.
You recently restored a backup of the Active Directory database from Server1 to an alternate Location.
The restore operation does not interrupt the Active Directory services on Server1.
You need to make the Active Directory data in the backup accessible by using Lightweight Directory Access Protocol (LDAP).
Which tool should you use?

A.    Dsadd quota
B.    Dsmod
C.    Active Directory Administrative Center
D.    Dsacls
E.    Dsamain
F.    Active Directory Users and Computers
G.    Ntdsutil
H.    Group Policy Management Console

Answer: E

QUESTION 39
Your network contains an Active Directory forest. The forest contains two domains named litwarenc.com and contoso.com.
The contoso.com domain contains two domains controllers named LON-DC01 and LON-DC02.
The domain controllers are located in a site named London that is associated to a subnet of 192.168.10.0/24
You discover that LON-DC02 is not a global catalog server.
You need to configure LON-DC02 as a global catalog server.
What should you do?

A.    From Active Directory Sites and Services, modify the properties of the 192.168.10.0/24 IP subnet.
B.    From Windows PowerShell, run the Set-NetNatGlobal cmdlet.
C.    From Active Directory Sites and Services, modify the NTDS Settings object of LON- DC02.
D.    From Windows PowerShell, run the Enable-ADOptionalFeature cmdlet.

Answer: C

QUESTION 40
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario.

Your network contains an Active Directory domain named contoso.com.
The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

 

The relevant users and client computer in the domain are configured as shown in the following table.
 
End of repeated scenario.

You are evaluating what will occur when you disable the Group Policy link for A6.
Which GPOs will apply to User2 when the user signs in to Computer1 after the link for A6 is disabled?

A.    A1 and A5 only
B.    A3, A1, and A5 only
C.    A3, A1, A5, and A4 only
D.    A3, A1, A5, and A7

Answer: D

Comparing with others’, you will find our 70-742 exam questions are more helpful and precise since all the 70-742 exam content is regularly updated and has been checked for accuracy by our team of Microsoft expert professionals.

70-742 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDTm5xYXNzYkNzbEU

2017 Microsoft 70-742 exam dumps (All 55 Q&As) from Lead2pass:

http://www.lead2pass.com/70-742.html [100% Exam Pass Guaranteed!!!]