Identity with Windows Server 2016 v1.0 (70-742)

Page:    1 / 18   
Total 266 questions

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.


You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.

Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of [email protected].

Admin1 attempts to delete OU1 and receives an error message.
You need to ensure that Admin1 can delete OU1.
What should you do first?

  • A. Modify the Object settings for OU1
  • B. Add Admin1 to the Enterprise Admins group
  • C. Delete Contact1
  • D. Disable the Active Directory Recycle Bin


Answer : A

References:
https://www.dtonias.com/access-denied-delete-move-ou-active-directory/

DRAG DROP
Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2. DC2 is a virtual machine that is hosted on a Hyper-V host named HyperV1. DC1 holds the PDC emulator operations master role.
You need to create a new domain controller named DC3 by using domain controller cloning.
Which five actions should you perform in sequence before you can import the cloned virtual machine? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:




Answer :

References:
https://blogs.technet.microsoft.com/askpfeplat/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012/

Your network contains an Active Directory forest named contoso.com.
Your company plans to hire 500 temporary employees for a project that will last 90 days.
You create a new user account for each employee. An organizational unit (OU) named Temp contains the user accounts for the employees.
You need to prevent the new users from accessing any of the resources in the domain after 90 days.
What should you do?

  • A. Run the Get-ADOrganizationalUnit cmdlet and pipe the output to the Set-Date cmdlet.
  • B. Run the Get-ADOrganizationalUnit cmdlet and pipe the output to the Set-ADAccountPassword cmdlet.
  • C. Run the Get-ADUser cmdlet and pipe the output to the Set-ADAccountExpiration cmdlet.
  • D. Create a Group Policy object (GPO) and link the GPO to the Temp OU. Modify the Account Lockout Policy of the GPO.


Answer : C

References:
https://docs.microsoft.com/en-us/powershell/module/addsadministration/set-adaccountexpiration?view=win10-ps

HOTSPOT
Your network contains an Active Directory forest. The forest contains two sites named Site1 and Site2. Site1 contains 10 domain controllers. Site1 and Site2 connect to each other by using a WAN link.
You run the Active Directory Domain Services Configuration Wizard as shown in the following graphic.


Server3 is the only server in Site2.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
Hot Area:



Answer :

Explanation:
By selectively caching credentials, RODCs address some of the challenges that enterprises can encounter in branch offices and perimeter networks (also known as DMZs) that may lack the physical security that is commonly found in datacenters and hub sites.

HOTSPOT
Your network contains an Active Directory forest named contoso.com. The forest contains the root domain and two child domains named child1.contoso.com and child2.contoso.com.
Child1 contains three domain controllers named DC1, DC2, and DC3. Child2 contains one domain controller named DC4.
You have two accounts named Child1\Admin1 and Child2\Admin2 that you use to perform administrative tasks. Currently, the accounts can manage only the member servers in their respective domain.
You plan to demote DC3 and to remove the Child2 domain.
You need to ensure that Admin1 can demote DC3 and that Admin2 can demote DC4. The solution must use the principle of least privilege.
To which groups should you add Admin1 and Admin2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:




Answer :

References:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-and-domains--level-200-

Your network contains an Active Directory forest. The forest contains a forest root domain named contoso.com and a child domain named eu.contoso.com. Each domain contains two domain controllers that run Windows Server 2012 R2.
The forest functional level is Windows Server 2008 R2. The domain functional level of contoso.com is Windows Server 2012 R2. The domain functional level of eu.contoso.com is Windows Server 2008 R2.
You need to raise the domain functional level of contoso.com to Windows Server 2016. The solution must minimize administrative effort.
What should you do before you raise the domain functional level?

  • A. Raise the forest functional level
  • B. Upgrade all of the domain controllers in the forest
  • C. Upgrade all of the domain controllers in contoso.com
  • D. Raise the domain functional level of eu.contoso.com


Answer : C

References:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.


Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of [email protected].
End of repeated scenario.
You need to ensure that User1 can back up the data stored on Computer1. The solution must prevent the user from restoring the data on Computer1.
What should you do?

  • A. Add User1 to the Backup Operators group of the domain
  • B. Modify the Security Settings of the local Group Policy on Computer1
  • C. Add User1 to the Power Users group on Computer1
  • D. Add User1 to the Backup Operators group on Computer1


Answer : B

References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories

Your network contains an Active Directory domain.
You have a user account that is a member of the Domain Admins group.
You have 100 laptops that have a standard corporate image installed. The laptops are in workgroups and have random names.
A technician named Tech1 is assigned the task of joining the laptops to the domain. The computer accounts of each laptop must be in an organizational unit (OU) that is associated with the department of the user who will use the laptop. The laptop names must start with four characters indicating the department, followed by a four-digit number.
Tech1 is a member of the Domain Users group only. Tech1 has the administrator logon credentials for all the laptops.

You need Tech1 to join the laptops to the domain. The solution must ensure that the laptops are named correctly, and that the computer accounts of the laptops are in the correct OUs.
Solution: You script the creation of the domain join files, and then you give the files to Tech1.
You instruct Tech1 to sign in to each laptop, and then to run djoin.exe.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

HOTSPOT
Your network contains an Active Directory domain named adatum.com. The domain contains the objects shown in the following table.


GroupA has Full Control permissions to a folder named Folder1. GroupB has Full Control permissions to a folder named Folder2.
You run the following PowerShell script:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:



Answer :

HOTSPOT
Your network contains an Active Directory domain named contoso.com. You plan to automate user account management.
You need to find user accounts that meet specific criteria by using the find command in Active Directory Users and Computers. The solution must minimize administrative effort.
Which Find option should you use for each section? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:




Answer :

References:
https://activedirectorypro.com/find-disabled-active-directory-user-accounts/
https://www.oreilly.com/library/view/active-directory-cookbook/0596004648/ch06s29.html

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named LondonUsers that contains 10,000 users.
You need to modify the Office attribute of all the users in the LondonUsers OU.
Solution: From PowerShell, you run the Get-ADUser cmdlet and specify the -SearchBase parameter. You pipe the results to the Set-ADUser cmdlet.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : A

References:
https://webactivedirectory.com/2011/07/18/simple-powershell-script-to-bulk-update-or-modify-active-directory-user-attributes/

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named LondonUsers that contains 10,000 users.
You need to modify the Office attribute of all the users in the LondonUsers OU.
Solution: You create a CSV file. You run csvde.exe and specify the -i and -f parameters.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

References:
https://webactivedirectory.com/2011/07/18/simple-powershell-script-to-bulk-update-or-modify-active-directory-user-attributes/

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. You have an organizational unit (OU) named LondonUsers that contains 10,000 users.
You need to modify the Office attribute of all the users in the LondonUsers OU.
Solution: You create an LDIF file. You run ldifde.exe and specify the -i and -f parameters.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

References:
https://webactivedirectory.com/2011/07/18/simple-powershell-script-to-bulk-update-or-modify-active-directory-user-attributes/

Your network contains an Active Directory domain named contoso.com.
You need to ensure that the Administrators group on each computer in the domain always contains Contoso\Domain Admins.
What should you do?

  • A. Modify the Default Domain Policy and enable the Accounts: Administrator Account status setting.
  • B. Modify the Default Domain Policy and configure the Restricted Groups setting.
  • C. Modify the Default Domain Controllers Policy and enable the Accounts: Administrator account status setting.
  • D. Modify the Default Domain Controllers Policy and configure the Restricted Groups setting.


Answer : B

References:
https://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/

HOTSPOT
Your network contains an Active Directory domain named adatum.com.
You create a user named User1.
You need to meet the following requirements:
✑ Ensure that User1 can sign in only during work hours.
✑ Allow User1 to establish a VPN connection.
Which two settings should you configure? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:




Answer :
