Microsoft Identity with Windows Server 2016 (070-742) Free Practice Test
Question 1
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named OU1 that contains the computer accounts of two servers and the user account of a user named User1. A Group Policy object (GPO) named GPO1 is linked to OU1.
You have an application named App1 that installs by using an application installer named App1.exe.
You need to publish App1 to OU1 by using Group Policy.
What should you do?
You have an organizational unit (OU) named OU1 that contains the computer accounts of two servers and the user account of a user named User1. A Group Policy object (GPO) named GPO1 is linked to OU1.
You have an application named App1 that installs by using an application installer named App1.exe.
You need to publish App1 to OU1 by using Group Policy.
What should you do?
Correct Answer: D
Question 2
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1.
The domain contains the users shown in the following table.
Group1 is a member of the Backup Operators group.
RODC1 has a Password Replication Policy configured as shown in the exhibit. (Click the Exhibit button.) Exhibit:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
The domain contains the users shown in the following table.
Group1 is a member of the Backup Operators group.
RODC1 has a Password Replication Policy configured as shown in the exhibit. (Click the Exhibit button.) Exhibit:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation
Question 3
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server
2016.
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You deploy Active Directory Federation Services (AD FS) and a Web Application Proxy to the Active Directory domain.
You need to configure the AD FS deployment to support Azure Multi-Factor Authentication (MFA) as the primary authentication method.
Which three actions should you perform in sequence on the AD FS server? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
2016.
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You deploy Active Directory Federation Services (AD FS) and a Web Application Proxy to the Active Directory domain.
You need to configure the AD FS deployment to support Azure Multi-Factor Authentication (MFA) as the primary authentication method.
Which three actions should you perform in sequence on the AD FS server? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct Answer:
Explanation
Box 1: New-AdfsAzureMfaTenantCertificate
First step of the configuration is to generate a certificate for Azure MFA using the New-AdfsAzureMfaTenantCertificate -TenantId cmdlet.
Box 2: New-MsolServicePrincipalCredential
Connect to the Azure AD and use New-MsolServicePrincipalCredential to configure Azure MFA Clients to use it as a credential to connect with AD FS Box 3 Set-AdfsAzureMfaTenant Configure ADFS to use Azure AD by using the Set-AdfsAzureMfaTenant -TenantId cmdlet.
Reference:
http://www.rebeladmin.com/2017/09/step-step-guide-configure-azure-mfa-adfs-2016/
Question 4
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.
You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).
You need to configure the Documents folder of every user to be stored on a server named FileServer1.
What should you do?
Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.
You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).
You need to configure the Documents folder of every user to be stored on a server named FileServer1.
What should you do?
Correct Answer: F
Question 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com.
A user named User1 is in an organizational unit (OU) named OU1.
You are troubleshooting a folder access issue for User1.
You need a list of groups to which User1 is either a direct member or an indirect member.
Solution: You instruct User 1 to sign in and run whoami.exe/groups.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com.
A user named User1 is in an organizational unit (OU) named OU1.
You are troubleshooting a folder access issue for User1.
You need a list of groups to which User1 is either a direct member or an indirect member.
Solution: You instruct User 1 to sign in and run whoami.exe/groups.
Does this meet the goal?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 6
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to OU1.
You create a user named User1, and you assign User1 the Full control permission to OU1.
Which administrative action for GPOs can User1 perform?
You have an organizational unit (OU) named OU1. A Group Policy object (GPO) named GPO1 is linked to OU1.
You create a user named User1, and you assign User1 the Full control permission to OU1.
Which administrative action for GPOs can User1 perform?
Correct Answer: D
Question 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: You configure Kerberos constrained delegation on the computer account of each member server.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: You configure Kerberos constrained delegation on the computer account of each member server.
Does this meet the goal?
Correct Answer: A
Question 8
Your network contains an Active Directory forest. The forest contains two domains named litwarenc.com and contoso.com. The contoso.com domain contains two domains controllers named LON-DC01 and LON-DC02.
The domain controllers are located in a site named London that is associated to a subnet of 192.168.10.0/24 You discover that LON-DC02 is not a global catalog server.
You need to configure LON-DC02 as a global catalog server.
What should you do?
The domain controllers are located in a site named London that is associated to a subnet of 192.168.10.0/24 You discover that LON-DC02 is not a global catalog server.
You need to configure LON-DC02 as a global catalog server.
What should you do?
Correct Answer: C
Question 9
Your network contains an Active Directory domain named adatum.com. The domain uses Active Directory Federation Services (AD FS), AD FS has a relying party trust named RP1 to a claims-aware application named App1. The domain contains the users shown in the following table.
The network contains the network segments shown in the following table.
The following access control policy is assigned to RP1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
The network contains the network segments shown in the following table.
The following access control policy is assigned to RP1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation
Question 10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named LondonUsers that contains 10,000 users. You need to modify the office attribute of all the users in the LondonUsers OU.
Solution: You create an LDIF file. You run ldifde.exe and specify the -i and -f parameters.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named LondonUsers that contains 10,000 users. You need to modify the office attribute of all the users in the LondonUsers OU.
Solution: You create an LDIF file. You run ldifde.exe and specify the -i and -f parameters.
Does this meet the goal?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 11
You network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA).
A user named Admin1 is a member of the Domain Admins group.
You need to ensure that you can archive keys on the CA. The solution must use Admin1 as a key recovery agent.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
A user named Admin1 is a member of the Domain Admins group.
You need to ensure that you can archive keys on the CA. The solution must use Admin1 as a key recovery agent.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct Answer:
Explanation
Question 12
Your network contains an Active Directory domain. The domain contains a domain controller named DC1 that runs Windows Server 2016.
You start DC1 in Directory Services Restore Mode (DSRM).
You need to compact the Active Directory database on DC1.
Which three action should you perform in sequence?
You start DC1 in Directory Services Restore Mode (DSRM).
You need to compact the Active Directory database on DC1.
Which three action should you perform in sequence?
Correct Answer:
Explanation
https://technet.microsoft.com/en-us/library/cc794920(v=ws.10).aspx
Question 13
Your company has multiple branch offices.
The network contains an Active Directory domain named contoso.com.
In one of the branch offices, a new technician is hired to add computers to the domain.
After successfully joining multiple computers to the domain, the technician fails to join anymore computers to the domain.
You need to ensure that the technician can join an unlimited number of computers to the domain.
What should you do?
The network contains an Active Directory domain named contoso.com.
In one of the branch offices, a new technician is hired to add computers to the domain.
After successfully joining multiple computers to the domain, the technician fails to join anymore computers to the domain.
You need to ensure that the technician can join an unlimited number of computers to the domain.
What should you do?
Correct Answer: A