The latest updates Microsoft MCSA 70-742 dumps, 70-742 pdf free download, 70-742 exam practice test questions to improve your skills.
“Identity with Windows Server 2016 ” 70-742 Exam. Easy to pass the exam: Pass4itsure.com!
The latest Microsoft MCSA 70-742 pdf free download
[PDF] Free Microsoft 70-742 pdf dumps download from Google Drive: https://drive.google.com/open?id=1Cq7DdY9wIOIMCYPG68MXVmh274oAM-72
[PDF] Free Full Microsoft pdf dumps download from Google Drive: https://drive.google.com/open?id=1gdQrKIsiLyDEsZ24FxsyukNPYmpSUDDO
Valid information provided by Microsoft officials
Exam 70-742: Identity with Windows Server 2016 – Microsoft: https://www.microsoft.com/en-us/learning/exam-70-742.aspx Candidates for this exam manage identities using the functionalities in Windows Server 2016. Candidates install, configure, manage, and maintain Active Directory Domain Services (AD DS) as well as implement Group Policy Objects (GPOs).
Candidates should also be familiar with implementing and managing Active Directory Certificate Services (AD CS), Active Directory
Federations Services (AD FS), Active Directory Rights Management Services (AD RMS), and Web Application proxy.
pass4itsure 70-742 exam Skills measured
This exam measures your ability to accomplish the technical tasks listed below.
- Install and Configure Active Directory Domain Services (AD DS) (20-25%)
- Manage and Maintain AD DS (15-20%)
- Create and Manage Group Policy (25-30%)
- Implement Active Directory Certificate Services (AD CS) (10-15%)
- Implement Identity Federation and Access Solutions (15-20%)
Latest Microsoft MCSA 70-742 Exam Practice Test Questions and Answers
QUESTION 1
Your company has multiple branch offices.
The network contains an Active Directory domain named contoso.com.
In one of the branch offices, a new technician is hired to add computers to the domain.
After successfully joining multiple computers to the domain, the technician fails to join any more computers to the
domain.
You need to ensure that the technician can join an unlimited number of computers to the domain.
What should you do?
A. Configure the technician\\’s user account as a manager service account.
B. Run the Set-ADComputer cmdlet.
C. Modify the Security settings of the Computers container.
D. Add the technician to the Domain Computers group.
Correct Answer: C
Users who have the Create Account Objects privilege for the Computers container can create an unlimited number of
computer accounts in the domain. You can grant this privilege by accessing the Advanced Security settings on the
Security Tab of the Computer container via Active Directory Users And Computers or the Active Directory Administrative
Center.
References: https://books.google.co.za/books?id=LvNODQAAQBAJandpg=PT268andlpg=PT268anddq=Modify+the+Se
curity+settings+of+the+Computers+container+2016andsource=blandots=1lRBQ21cL0andsig=1AUSon_6cjIqyN_927iOB
7z3Egandhl=enandsa=Xandved=0ahUKEwjBi4OS-rnbAhXKD8AKHerKDcgQ6AEISjAC#v=onepageandq=Modify%20th
e%20Security%20settings%20of%20the%20Computers%20container%202016andf=false
QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named
Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration.
PS C:\> (Get-ADForest).ForestMode
Windows2008R2Forest
PS C:\> (Get-ADDomain).DomainMode Windows2008R2Domain PS C:\>
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device
registration.
You need to configure Active Directory to support the planned deployment.
Solution: You raise the domain functional level to Windows Server 2012 R2.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Device Registration requires Windows Server 2012 R2 forest schema (not just domain schema).
References: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/configure-a-federation-server-with-device-registration-service
QUESTION 3
Your network contains an Active Directory forest named contoso.com. The forest contains several domains.
An administrator named Admin01 installs Windows Server 2016 on a server named Server1 and then joins Server1 to
the contoso.com domain.
Admin01 plans to configure Server1 as an enterprise root certification authority (CA).
You need to ensure that Admin01 can configure Server1 as an enterprise CA. The solution must use the principle of
least privilege.
To which group should you add Admin01?
A. Server Operators in the contoso.com domain
B. Cert Publishers on Server1
C. Enterprise Key Admins in the contoso.com domain
D. Enterprise Admins in the contoso.com domain.
Correct Answer: D
To install Active Directory Certificate Services, log on as a member of both the Enterprise Admins group and the root
domain\\’s Domain Admins group. References: https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority
QUESTION 4
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may
be correct for more than one question in the series. Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. You recently deleted 5,000 objects from the
Active Directory database.
You need to reduce the amount of disk space used to store the Active Directory database on a domain controller. Which
tool should you use?
A. Dsadd quota
B. Dsmod
C. Active Directory Administrative Center
D. Dsacls
E. Domain
F. Active Directory Users and Computers
G. Ntdsutil
H. Group Policy Management Console
Correct Answer: G
QUESTION 5
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may
be correct for more than one question in the series. Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.
You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy
that is linked to the Domain Controllers organizational unit (OU).
You need to use the application control policy settings to prevent several applications from running on the network.
What should you do?
A. From the Computer Configuration node of DCPolicy, modify Security Settings.
B. From the Computer Configuration node of DomainPolicy, modify Security Settings.
C. From the Computer Configuration node of DomainPolicy, modify Administrative Templates.
D. From the User Configuration node of DCPolicy, modify Security Settings.
E. From the User Configuration node of DomainPolicy, modify Folder Redirection.
F. From user Configuration node of DomainPolicy, modify Administrative Templates.
G. From Preferences in the User Configuration node of DomainPolicy, modify Windows Settings.
H. From Preferences in the Computer Configuration node of DomainPolicy, modify Windows Settings.
Correct Answer: B
QUESTION 6
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named
Server1 and Server2 that run Windows Server 2016. The computer accounts of Server1 and Server2 are in the
Computers container.
A Group Policy object (GPO) named GPO1 is linked to the domain. GPO1 has multiple computer settings defined and
has following configurations.
An administrator discovers that GPO1 is not applied to Server1. GPO1 is applied to Server2. Which configuration
possibly prevents GPO1 from being applied to Server1?
A. The permissions on the domain object of contoso.com
B. The WMI filter settings
C. The Enforced setting of GPO1
D. The GpoStatus property
E. The loopback processing mode in GPO1
F. The permissions on the domain object of contoso.com
Correct Answer: B
References: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo
QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen. Your network contains an Active Directory forest named contoso.com. The forest contains
a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration.
PS C:\> (Get-ADForest).ForestMode
Windows2008R2Forest PS C:\> (Get-ADDomain).DomainMode Windows2008R2Domain PS C:\>
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device
registration.
You need to configure Active Directory to support the planned deployment.
Solution: You upgrade a domain controller to Windows Server 2016.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Device Registration requires Windows Server 2012 R2 forest schema. Upgrading a domain controller will run
adprep.exe to upgrade the schema as part of the upgrade process.
References: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/configure-a-federation-server-
with-device-registration-service https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-
controllers-towindows-server-2012-r2-and-windows-server-2012
QUESTION 8
Your network contains an Active Directory forest named contoso.com. The domain contains an Active Directory
Federation Services (AD FS) server named Server1.
On a standalone server named Server2, you install and configure the Web Application Proxy.
You have an internal web application named WebApp1. AD FS has a relying party trust for WebApp1.
You need to provide external users with access to WebApp1. Authentication to WebApp1 must use AD FS
preauthentication.
Which tool should you use to publish WebApp1?
A. Remote Access Management on Server2
B. Remote Access Management on Server1
C. AD FS Management on Server2
D. AD FS Management on Server1
E. Routing and Remote Access on Server1
Correct Answer: A
References: https://docs.microsoft.com/en-us/windows-server/remote/remote-access/web-application-proxy/publishing-applications-using-ad-fs-preauthentication
QUESTION 9
Your network contains an Active Directory forest named contoso.com. Users frequently access the website of an
external partner company.
The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the
Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website.
However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?
A. Run dnscmd and specify the CacheLockingPercent parameter.
B. Run Set-DnsServerGlobalQueryBlockList.
C. Run ipconfig and specify the Renew parameter.
D. Run Set-DnsServerCache.
Correct Answer: D
QUESTION 10
Your network contains an Active Directory forest. The forest contains a forest root domain named contoso.com and a
child domain named eu.contoso.com. Each domain contains two domain controllers that run Windows Server 2012 R2.
The forest functional level is Windows Server 2008 R2. The domain functional level of contoso.com is Windows Server
2012 R2. The domain functional level of eu.contoso.com is Windows Server 2008 R2.
You need to raise the domain functional level of contoso.com to Windows Server 2016. The solution must minimize
administrative effort.
What should you do before you raise the domain functional level?
A. Raise the forest functional level
B. Upgrade all of the domain controllers in the forest
C. Upgrade all of the domain controllers in contoso.com
D. Raise the domain functional level of eu.contoso.com
Correct Answer: C
References: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
QUESTION 11
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers
named DC1 and DC2.
DC1 holds the RID master operations role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
Solution: On DC2, you open the command prompt, run ntdsutil.exe, connect to DC2, and use the Transfer RID master
option.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
There are 2 ways of transferring FSMO roles. You can do that using graphical consoles available on a DC or any
server/workstation with Administrative Tools / Remote Server Administration Tools installed or using command-line tool
called
ntdsutil.
First of all you need to connect to Domain Controller to which you want to transfer FSMO roles. To do that you have to
type:
ntdsutil: roles (enter)
fsmo maintenance: connections (enter)
server connections: connect to server (enter)
server connections: quit (enter)
fsmo maintenance:
Now you will be able to transfer FSMO roles to selected Domain Controller.
RID master
fsmo maintenance: transfer RID master (enter)
Click “Yes” button to move role.
References: http://kpytko.pl/active-directory-domain-services/transferring-fsmo-roles-from-command-line/
QUESTION 12
You deploy a new enterprise certification authority (CA) named CA1.
You plan to issue certificates based on the User certificate template.
You need to ensure that the issued certificates are valid for two years and support autoenrollment.
What should you do first?
A. Run the certutil.exe command and specify the resubmit parameter.
B. Duplicate the User certificate template.
C. Add a new certificate template for CA1 to issue.
D. Modify the Request Handling settings for the CA.
Correct Answer: B
The built-in templates to do support allow auto-enrollment. You need to duplicate the template then modify the
permissions on the new template. References:
https://docs.centrify.com/en/centrify/adminref/index.html#page/cloudhelp/cloud-admin-install-create-cert-templates.html
QUESTION 13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your network contains an Active Directory forest named contoso.com.
You need to identify which server is the schema master.
Solution: You open Active Directory Users and Computers, right-click contoso.com in the console tree, and then click
Operations Master.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You need to use the Schema snap-in to find the schema master. The Schema snap-in is not installed by default but can
be installed by using Schmmgmt.dll.
References: https://www.petri.com/determining_fsmo_role_holders
Follow us! We update the latest effective exam dumps throughout the year to help you improve your skills! Microsoft MCSA 70-742 dumps share for free! Easy via 70-742 exam: https://www.pass4itsure.com/70-742.html (Q&As: 260)
Pass4itsure Promo Code 15% Off
Why Choose Pass4itsure?
Pass4itsure is the best provider of IT learning materials and the right choice for you to prepare for the Microsoft 70-742 exam.
Other brands started earlier, but the price is relatively expensive and the questions are not the newest. Pass4itsure provides the latest real questions and answers with the lowest prices, help you pass 70-742 exam easily at first try.