It is impossible to pass Microsoft 70-742 exam without any help in the short term. Come to Examcollection soon and find the most advanced, correct and guaranteed Microsoft 70-742 practice questions. You will get a surprising result by our Up to date Identity with Windows Server 2016 practice guides.

Microsoft 70-742 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
Your company has a marketing department and a security department.
The network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA).
You have two organizational units (OUs) named MKT_UsersOU and MKT_ComputersOU. MKT_UsersOU contains the user accounts for the users in the marketing department. MKT_ComputersOU contains the computer accounts for the computers in the marketing department.
A Group policy object (GPO) named GPO1 is linked to MKT_UsersOU. A GPO named GPO2 linked to MKT_ComputersOU.
You plan to deploy a web application for the marketing department users. The application will require certificates for authentication.
The security department configures the CA to support the planned deployment.
You need to ensure that the web application can authenticate the marketing department users. What should you do?

  • A. From the User Configuration node of GPO1, create an Internet Setting preference.
  • B. From the User Configuration node of GPO1, configure the Certificate Services Client - Auto enrollment settings.
  • C. From the Computer Configuration node of GPO2, configure the Certificate Services Client - Certificate Enrollment Policy settings.
  • D. From the Computer Configuration node of GPO2, create the Automatic Certificate Request Settings.

Answer: A

NEW QUESTION 2
Your company has an office in Montreal.
The network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named Montreal that contains all of the users accounts for the users in the Montreal office. An office manager in the Montreal office knows each user personally.
You need to ensure that the office manager can provide the users with a new password if the users forget their password. What should you do?

  • A. From the Security settings of the Montreal OU, assign the office manager the Reset Password permission.
  • B. From the Security settings of each user account in the Montreal OU, assign the office manager the Change Password permission.
  • C. Create a Group Policy object (GPO) and link the GPO to the OU of the domai
  • D. Filter the GPO to the Montreal user
  • E. Assign the office manager the Apply Group Policy permission on the GP
  • F. Configure the Password Policy settings of the GPO.
  • G. Create a Group Policy object (GPO) and link the GPO to the Montreal O
  • H. Assign the office manager the Apply Group Policy permission on the GP
  • I. Configure the Password Policy settings of the GPO.

Answer: B

NEW QUESTION 3
Your network contains an Active Directory domain named contoso.com.
You have an administrative computer named Computer1 that runs Windows Server 2016. From Computer1, you edit a Group Policy object (GPO) named GPO1 as shown in the exhibit.
70-742 dumps exhibit
You receive a new administrative template named Template1. Template1 consists of Template1.adml. Template1 is in English US.
You need to ensure that the settings of Template1 appear under the Administrative Templates node.
To where should you copy the Template1 files? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
70-742 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
70-742 dumps exhibit

NEW QUESTION 4
Your company has an office in Montreal.
The network contains an Active Directory domain named conloso.com.
You have an organizational unit (OU) named Montreal that contains all of the users accounts for the users in the Montreal office. An office manager in the Montreal office knows each user personally.
You need to ensure that the office manager can provide the users with a new password if the users forget their password.
What should you do?

  • A. Create a Group Policy object (GPO) and link the GPO to the Montreal O
  • B. Assign the office manager the Apply Group Policy permission on the GP
  • C. Configure the Password Policy settings on the GPO.
  • D. From the Security settings of the Montreal OU, assign the office manager the Reset Password permission.
  • E. From the Security settings of each user account in the Montreal OU, assign the office manager the Change Password permission.
  • F. Create a Group Policy object (GPO) and link the GPO to the OU of the domai
  • G. Filter the GPO to the Montreal user
  • H. Assign the office manager the Apply Group Policy permission on the GP
  • I. Configure the Password Policy settings of the GPO.

Answer: A

NEW QUESTION 5
Your network contains an enterprise root certification authority (CA) named CA1.
Multiple computers on the network successfully enroll for certificates that will expire in one year. The certificates are based on a template named Secure_Computer. The template uses schema version 2.
You need to ensure that new certificates based on Secure_Computer are valid for three years. What should you do?

  • A. Modify the Validity period for the certificate template.
  • B. Instruct users to request certificates by running the certreq.exe command.
  • C. Instruct users to request certificates by using the Certificates console.
  • D. Modify the Validity period for the root CA certificate.

Answer: A

NEW QUESTION 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The Computer account for Server1 is in organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
You need to add a domain user named user1 to the local Administrators group on Server1.
Solution: From the Computer Configuration node of GPO1, you configure the Restricted Groups settings. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

NEW QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Web1 that runs Windows Server 2016.
You need to list all the SSL certificates on Web1 that will expire during the next 60 days. Solution: You run the following command.
Get-ChildItem Cert:\LocalMachine\My |? { $_.NotAfter –It (Get-Date).AddDays( 60 ) } Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

NEW QUESTION 8
Your network contains an Active Directory domain named contoso.com. The domain contains a user named User1, a group named Group1, and an Organizational unit (OU) named OU1.
You need to enable User1 to link Group Policies to OU1.
Solution: From Active Directory Administrative Center, you add User1 to Group1. From Group Policy Management, you click the Group Policy Objects container. From the Delegation tab, you add Group1.

  • A. Yes
  • B. No

Answer: B

NEW QUESTION 9
Your network contains an Active Directory forest named contoso.com. They connect to the forest by using ldp.exe and receive the output as shown in the following exhibit.
70-742 dumps exhibit
Use drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
70-742 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
70-742 dumps exhibit

NEW QUESTION 10
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)
70-742 dumps exhibit
The relevant users and client computer in the domain are configured as shown in the following table.
70-742 dumps exhibit
End of repeated scenario.
Which five GPOs will apply to User1 in sequence when the user signs in to Computer1? To answer, move the appropriate GPOs from the list to the answer area and arrange them in the correct order.
70-742 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
70-742 dumps exhibit

NEW QUESTION 11
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.
70-742 dumps exhibit
Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named
Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain. From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the
contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of User1@litwareinc.com.
End or repeated scenario.
You need to ensure that Admin1 can add Group2 as a member of Group3. What should you modify?

  • A. Modify the Security settings of Group3.
  • B. Modify the group scope of Group3.
  • C. Modify the group type of Group3.
  • D. Set Admin1 as the manager of Group3.

Answer: B

NEW QUESTION 12
Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise root certification authority (CA) on a server that runs Windows Server 2016.
You need to configure the CA to support Online Certificate Status Protocol (OCSP) responders. Which two actions should you perform? Each correct selection presents part of the solution. NOTE: Each correct selection is worth one point.

  • A. Add a new certificate template to issue.
  • B. Modify the Authority Information Access (AIA) of the CA.
  • C. Configure an enrollment agent.
  • D. Install a standalone subordinate CA.
  • E. Modify the CRL distribution point (CDP) of the CA.

Answer: AB

Explanation:
Once the OCSP service is configured, we need to configure the OCSP Response Signing template. This process includes adding an Authority Information Access (AIA) extension and then issuing a new certificate template.
References:
https://www.poweradmin.com/blog/deploying-active-directory-certificate-services-and-online-responder/

NEW QUESTION 13
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed.
You need to integrate IPAM and VMM.
Which types of objects should you create on each server? To answer, drag the appropriate object types to the correct servers. Each object type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
70-742 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Server 1 (IPAM): Access Policy
VMM must be granted permission to view and modify IP address space in IPAM, and to perform remote management of the IPAM server. VMM uses a “Run As” account to provide these permissions to the IPAM network service plugin. The “Run As” account must be configured with appropriate permission on the IPAM server.
To assign permissions to the VMM user account
In the IPAM server console, in the upper navigation pane, click ACCESS CONTROL, right-click Access Policies in the lower navigation pane, and then click Add AccessPolicy.
Etc.
Server 2 (VMM) #1: Network Service Server 2 (VMM) #2: Run As Account
Perform the following procedure using the System Center VMM console. To configure VMM (see step 1-3, step 6-7)
70-742 dumps exhibit
Etc.
References: https://technet.microsoft.com/en-us/library/dn783349(v=ws.11).aspx

NEW QUESTION 14
You have a Nano Server named Nano1 that runs Windows Server 2016. Nano1 is deployed to a virtual machine and is a member of a workgroup.
You need to join Nano1 to a domain named contoso.com.
Which two commands should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
70-742 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
70-742 dumps exhibit

NEW QUESTION 15
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2.
DC1 holds the RID master operations role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
Solution: On DC2, you open Windows PowerShell and run
Move-AddirectoryServerOperationMasterRole -OperationMasterRidMaster -Identity DC2.Adatum.com Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
You would need to use the -Force parameter because the server that held the role (DC1) if offline.

NEW QUESTION 16
Your network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named TestOU that contains test computers.
You need to enable a technician named Tech1 to create Group Policy objects (GPOs) and to link the GPOs to TestOU. The solution must use the principle of least privilege.
Which two actions should you perform? Each correct answer presents part of the solution.

  • A. Add Tech1 to the Group Policy Creator Owners group.
  • B. From Group Policy Management, modify the Delegation settings of the TestOU OU.
  • C. Add Tech1 to the Protected Users group.
  • D. From Group Policy Management, modify the Delegation settings of the contoso.com container.
  • E. Create a new universal security group and add Tech1 to the group.

Answer: AB

NEW QUESTION 17
Your network contains an Active Directory forest named contoso.com. The forest contains three domains named contoso.com, corp.contoso.com, and ext.contoso.com. The forest contains three Active Directory sites named Site1, Site2, and Site3.
You have the three administrators as described in the following table.
70-742 dumps exhibit
You create a Group Policy object (GPO) named GPO1.
Which administrator or administrators can link GPO1 to Site2?

  • A. Admin1 and Admin2 only
  • B. Admin1, Admin2, and Admin3
  • C. Admin3 only
  • D. Admin1 and Admin3 only

Answer: D

Explanation:
References:
https://technet.microsoft.com/en-us/library/cc732979(v=ws.11).aspx

NEW QUESTION 18
Your network contains an Active Directory domain named contoso.com. You need to create a central store for Group Policy administrative templates. What should you use?

  • A. Dcgpofix.exe
  • B. Group Policy Management Console (GPMC)
  • C. Gpfixup.exe
  • D. Copy-Item

Answer: D

NEW QUESTION 19
You have an enterprise certification authority (CA) named ContosoCA. Recovery agents are configured for ContosoCA.
You duplicate the User certificate template and name it Cont_User. You plan to issue the certificates based on Cont_User to provide users with the ability to encrypt email messages and files.
You need to ensure that the recovery agents can access any user-encrypted files and email messages if the users lose their certificate.
What should you do?

  • A. Issue a certificate based on a key recovery agent certificate.
  • B. Modify the Recovery Agents settings for ContosoCA.
  • C. Modify the Request Handling settings for Cont_User.
  • D. On ContosoCA, configure the Key Recovery Agent template as a certificate template to issue.

Answer: C

NEW QUESTION 20
You are deploying a web application named WebApp1 to your internal network. WebApp1 is hosted on a server named Web1 that runs Windows Server 2016.
You deploy an Active Directory Federation Services (AD FS) infrastructure and a Web Application Proxy to provide access to WebApp1 for remote users.
You need to ensure that Web1 can authenticate the remote users. What should you do?

  • A. Publish WebApp1 by using pass-through preauthentication.
  • B. Publish WebApp 1 as a Remote Desktop Gateway (RD Gateway) application in the Web Application Proxy.
  • C. Publish WebApp1 by using AD FS preauthentication.
  • D. Publish WebApp1 by using client certificate preauthentication.

Answer: A

NEW QUESTION 21
Your company recently deployed a new child domain to an Active Directory forest.
You discover that a user modified the Default Domain Policy to configure several Windows components in the child domain.
A company policy states that the Default Domain Policy must be used only to configure domain-wide security settings.
You create a new Group Policy object (GPO) and configure the settings for the Windows components in the new GPO.
You need to restore the Default Domain Policy to the default settings from when the domain was first installed.
What should you do?

  • A. From Group Policy Management, click Starter GPOs, and then click Manage Backups.
  • B. From a command prompt, run the dcgpofix.exe command.
  • C. From Windows PowerShell, run the Copy-GPO cmdlet.
  • D. Run ntdsutil.exe to perform a metadata cleanup and a semantic database analysis.

Answer: B

NEW QUESTION 22
Your network contains an Active Directory domain named contoso.com. The domain contains a user named User1, a group named Group1, and an Organizational unit (OU) named OU1.
You need to enable User1 to link Group Policies to OU1.
Solution: From Active Directory Users and Computers, you add User1 to the Group Policy Creator Owner group.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

NEW QUESTION 23
Your network contains an Active Directory domain named contoso.com. The domain contains a username User1, a group named Group1, and an organizational unit (OU) named OU1.
You need to enable User1 to link Group Policies to OU1.
Solution: From Active Directory Administrative Center, you add User1 to Group1. From ADSI Edit, you grant Group1 Full Control permissions to the “CN=Policies, CN=System, DC=Contoso, DC=com” object.
Does this meet the goal?

  • A. Yes
  • B. NO

Answer: B

NEW QUESTION 24
Your network contains an Active Directory domain named contoso.com.
You need to view a list of all the domain user accounts that are enabled. But whose users have not signed in during the last 30 days.
Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
70-742 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
70-742 dumps exhibit

NEW QUESTION 25
Your network contains an Active Directory domain named contoso.com.
The user account for a user named User1 is in an organizational unit (OU) named OU1. You need to enable User1 to sign in as user1@adatum.com.
Solution: From Windows PowerShell, You run Set-ADuser User1 –UserPrincipalName User1@Adatum.com. Does this meet the goal?

  • A. Yes
  • B. No

Answer: A

NEW QUESTION 26
Your network contains two Active Directory forests named fabrikam.com and contoso.com. Each forest contains two sites. Each site contains two domain controllers.
You need to configure all the domain controllers in both the forests as global catalog servers. Which snap-in should you us?

  • A. Active Directory Users and Computers
  • B. Active Directory Sites and Services
  • C. Active Directory Domains and Trusts
  • D. Active Directory Federation Services

Answer: B

NEW QUESTION 27
Your network contains an Active Directory forest. The forest contains two domains named litwarenc.com and contoso.com. The contoso.com domain contains two domains controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is associated to a subnet of 192.168.10.0/24
You discover that LON-DC02 is not a global catalog server. You need to configure LON-DC02 as a global catalog server. What should you do?

  • A. From Active Directory Sites and Services, modify the properties of the 192.168.10.0/24 IP subnet.
  • B. From Windows PowerShell, run the Set-NetNatGlobal cmdlet.
  • C. From Active Directory Sites and Services, modify the NTDS Settings object of LON-DC02.
  • D. From Windows PowerShell, run the Enable-ADOptionalFeature cmdlet.

Answer: C

NEW QUESTION 28
......

Thanks for reading the newest 70-742 exam dumps! We recommend you to try the PREMIUM Dumpscollection 70-742 dumps in VCE and PDF here: http://www.dumpscollection.net/dumps/70-742/ (266 Q&As Dumps)