Jump to content
Sadikhov IT Certification forums

Recommended Posts

2017 Dec New Released 70-742 Exam Questions:

QUESTION 56
Your network contains an Active Directory domain named contoso.com.
Domain users use smart cards to sign in to their client computer.
Some users report that it takes a long time to sign in to their computer and that the logon attempt times out, so they must restart the sign in process.
You discover that the issues to checking the certificate revocation list (CRL) of the smart card certificates.
You need to resolve the issue without diminishing the security of the smart card logons.
What should you do?

A. From the properties of the smart card's certificate template, modify the Request Handling settings.
B. From the properties of the smart card's certificate template, modify the Issuance Requirements settings.
C. Deactivate certificate revocation checks on the computers.
D. Implement an Online Certification Status Protocol (OCSP) responder.

Answer: D

QUESTION 57
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: From Windows PowerShell on a domain controller, you run the Set-KdsConfiguration cmdlet.
Does this meet the goal?

A. Yes
B. No

Answer: B

QUESTION 58
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated Scenario
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.
upload_2017-12-1_10-46-24.png 
Group 1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup. An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of user1@litwareinc.com.
End of repeated scenario
You need to ensure that Admin1 can convert Group1 to a global group.
What should you do?

A. Add Admin1 to the Enterprise Admin group.
B. Remove all the member from Group1.
C. Modify the Security settings of Group1.
D. Convert Group1 to a universal security group.

Answer: B

QUESTION 59
You have an Active Directory Rights Management Services (AD RMS) server named RMS1.
Multiple documents are protected by using RMS1.
RMS1 fails and cannot be recovered.
You install the AD RMS server role on a new server named RMS2.
You restore the AD RMS database from RMS1 to RMS2.
Users report that they fail to open the protected documents and to protect new documents.
You need to ensure that the users can access the protected content.
What should you do?

A. From Active Directory Rights Management, update the Service Connection Point (SCP) for RMS1.
B. From DNS, create an alias (CNAME) record for RMS2.
C. From DNS, modify the service location (SRV) record for RMS1.
D. From RMS2, register a service principal name (SPN) in Active Directory.

Answer: D

QUESTION 60
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com.
You recently deleted 5,000 objects from the Active Directory database.
You need to reduce the amount of disk space used to store the Active Directory database on a domain controller.

A. Dsadd quota
B. Dsmod
C. Active Directory Administrative Center
D. Dsacls
E. Domain
F. Active Directory Users and Computers
G. Ntdsutil
H. Group Policy Management Console

Answer: G

QUESTION 61
Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise certification authority (CA) named CA1.
You duplicate the Computer certificate template, and you name the template Cont_Computers.
You need to ensure that all of the certificates issued based on Cont_Computers have a key size of 4,096 bits.
What should you do?

A. From the properties of CA1, modify the Security settings.
B. From the properties of CA1, modify the Request Handling settings.
C. From the properties of the Computer template, modify the Key Attestation settings.
D. From the properties of Cont_Computers, modify the Cryptography settings.

Answer: C

QUESTION 62
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Web1 that runs Windows Server 2016.
You need to list all the SSL certificates on Web1 that will expire during the next 60 days.
Solution: You run the following command.
upload_2017-12-1_10-46-38.png 
Does this meet the goal?

A. Yes
B. No

Answer: B

QUESTION 63
Your network contains an Active Directory domain named contoso.com.
The domain contains a user named User1 and an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1.
You need to ensure that User1 can link GPO1 to OU1.
What should you do?

A. Modify the security setting of User1.
B. Add User1 to the Group Policy Creator Owner group.
C. Modify the security setting of OU1.
D. Modify the security setting of GPO1.

Answer: D

QUESTION 64
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: You configure Kerberos constrained delegation on the computer account of each member server.
Does this meet the goal?

A. Yes
B. No

Answer: B

QUESTION 65
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.
upload_2017-12-1_10-46-46.png 
You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.
Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT).
Does this meet the goal?

A. Yes
B. No

Answer: A
Explanation:
The NRPT stores configurations and settings that are used to deploy DNS Security Extensions (DNSSEC), and also stores information related to DirectAccess, a remote access technology.
Note: The Name Resolution Policy Table (NRPT) is a new feature available in Windows Server 2008 R2. The NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces. When performing DNS name resolution, the DNS Client service checks the NRPT before sending a DNS query. If a DNS query or response matches an entry in the NRPT, it is handled according to settings in the policy. Queries and responses that do not match an NRPT entry are processed normally.
References: https://technet.microsoft.com/en-us/library/ee649207(v=ws.10).aspx

QUESTION 66
You network contains an Active Directory domain named contoso.com.
The domain contains an Active Directory Federation Services (AD FS) server named ADFS1, a Web Application Proxy server named WAP1, and a web server named Web1.
You need to publish a website on Web1 by using the Web Application Proxy.
Users will authenticate by using OAuth2 preauthentication.
What should you do first?

A. On Web1, add site bindings.
B. On Web1, add handler mappings.
C. On ADFS1, enable an endpoint.
D. On ADFS1, add a claims provider trust.

Answer: D


New 70-742 VCE Dumps:https://www.pass4surekey.com/exam/70-742.html

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

×