[2020.8] Microsoft 70-742 exam practice questions and success secrets

Is it really hard to pass the Microsoft MCSA 70-742 exam?

That’s right! Passing the Microsoft MCSA 70-742 exam is not an easy task!
Follow Certificatedumps Microsoft Blog! Share the latest and most effective exam tips for free.

Certificatedumps shares the latest exam questions and answers throughout the year.

Microsoft 70-742 exam “Identity with Windows Server 2016”.
Certificatedumps shares the latest Microsoft 70-742 exam pdf, 70-742 exam practice questions, the latest questions to help you improve your exam pass rate!

We prepared the Microsoft 70-742 highest exam pass secret, 70-742 Dumps. https://www.leads4pass.com/70-742.html ( The ultimate key.)
The latest and most complete Microsoft 70-742 exam dump.

Certificatedumps 70-742 exam catalog

Latest Microsoft 70-742 exam pdf free download

[PDF Q1-Q12] Free Microsoft 70-742 pdf dumps download from Google Drive: https://drive.google.com/file/d/1CBljHgxobwhHLUFb0d-z6atsG6tN6t_M

Exam 70-742: Identity with Windows Server 2016: https://docs.microsoft.com/en-us/learn/certifications/exams/70-742

Candidates for this exam manage identities using the functionalities in Windows Server 2016. Candidates install, configure, manage,
and maintain Active Directory Domain Services (AD DS) as well as implement Group Policy Objects (GPOs).

Candidates should also be familiar implementing and managing Active Directory Certificate Services (AD CS), Active Directory Federations
Services (AD FS), Active Directory Rights Management Services (AD RMS), and Web Application proxy.

Skills measured

  • Install and Configure Active Directory Domain Services (AD DS) (20-25%)
  • Manage and Maintain AD DS (15-20%)
  • Create and Manage Group Policy (25-30%)
  • Implement Active Directory Certificate Services (AD CS) (10-15%)
  • Implement Identity Federation and Access Solutions (15-20%)

Latest Updates Microsoft 70-742 Exam Practice Questions and Answers

QUESTION 1

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is
repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is
exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1.
All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

certificatedumps 70-742 q1

The relevant users and client computer in the domain are configured as shown in the following table.

certificatedumps 70-742 q1-1

End of repeated scenario.
You are evaluating what will occur when you disable the Group Policy link for A6.
Which GPOs will apply to User2 when the user signs in to Computer1 after the link for A6 is disabled?
A. A1 and A5 only
B. A3, A1, and A5 only
C. A3, A1, A5, and A4 only
D. A3, A1, A5, and A7

Correct Answer: C

QUESTION 2

Your network contains an Active Directory forest. The forest contains two domain controllers named DC1 and DC2 that
run Windows Server 2016. DC1 holds all of the operations master roles.
DC1 experiences a hardware failure.
You plan to use an automated process that will create 1,000 user accounts.
You need to ensure that the automated process can complete successfully.
Which command should you run? To answer, select the appropriate options in the answer area.
Hot Area:

certificatedumps 70-742 q2

QUESTION 3

Your network contains an Active Directory domain. The domain contains an organizational unit (OU) named
FileServersOU. A Group Policy object (GPO) named GPO1 is linked to FileServersOU. FileServersOU contains all the
file servers in
the domain.
You make an urgent security edit to GPO1.
You need to ensure that all the file servers receive the updated setting as soon as possible.
What should you do?
A. Right-click FileServersOU and click Group Policy Update…
B. Right-click the GPO link for GPO1 and click Enforced.
C. Right-click Group Policy Results and click Group Policy Results Wizard…
D. Right-click FileServersOU and click Refresh.

Correct Answer: A

QUESTION 4

Your network contains an Active Directory domain named contoso.com.
You need to create a central store for Group Policy administrative templates.
What should you use?
A. Server Manager
B. File Explorer
C. Copy-GPO
D. Group Policy Management Console (GPMC)
E. Group Policy Management Editor

Correct Answer: B

References: http://www.redbass.net/create-central-store-group-policy-administrative-templates/

QUESTION 5

You deploy a new enterprise certification authority (CA) named CA1.
You plan to issue certificates based on the User certificate template.
You need to ensure that the issued certificates are valid for two years and support autoenrollment.
What should you do first?
A. Run the certutil.exe command and specify the resubmit parameter.
B. Duplicate the User certificate template.
C. Add a new certificate template for CA1 to issue.
D. Modify the Request Handling settings for the CA.

Correct Answer: B

The built-in templates to do support allow auto-enrollment. You need to duplicate the template then modify the
permissions on the new template. References:
https://docs.centrify.com/en/centrify/adminref/index.html#page/cloudhelp/cloud-admin-install-create-cert-templates.html

QUESTION 6

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is
repeated in each question. Each question presents a different goal and answers choices, but the text of the scenario is
exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an
Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.

certificatedumps 70-742 q6

Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3
that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com
domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a
user logon name of [email protected].
End of repeated scenario.
You need to ensure that User1 can back up the data stored on Computer1. The solution must prevent the user from
restoring the data on Computer1.
What should you do?
A. Add User1 to the Backup Operators group of the domain
B. Modify the Security Settings of the Local Group Policy on Computer1
C. Add User1 to the Power Users group on Computer1
D. Add User1 to the Backup Operators group on Computer1

Correct Answer: B

References: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/back-up-filesand-directories

QUESTION 7

HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain
controller (RODC) named RODC1.
The domain contains the users shown in the following table.

certificatedumps 70-742 q7

Group1 is a member of the Backup Operators group.
RODC1 has a Password Replication Policy configured as shown in the exhibit. (Click the Exhibit button.)
Exhibit:

certificatedumps 70-742 q7-1

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:

certificatedumps 70-742 q7-2

QUESTION 8

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have a server named Web1 that runs Windows Server 2016.
You need to list all the SSL certificates on Web1 that will expire during the next 60 days.
Solution: You run the following command.
Get-ChildItem Cert:\LocalMachine\My |? { $_.NotAfter ?t (Get-Date).AddDays( 60 ) }
Does this meet the goal?
A. Yes
B. No

Correct Answer: A

QUESTION 9

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen. Your network contains an Active Directory forest named contoso.com. The forest contains
a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration.
PS C:> (Get-ADForest).ForestMode
Windows2008R2Forest PS C:> (Get-ADDomain).DomainMode Windows2008R2Domain PS C:>
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.
You need to configure Active Directory to support the planned deployment.
Solution: You upgrade a domain controller to Windows Server 2016.
Does this meet the goal?
A. Yes
B. No

Correct Answer: A

Device Registration requires Windows Server 2012 R2 forest schema. Upgrading a domain controller will run
adprep.exe to upgrade the schema as part of the upgrade process.
References: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/configure-a-federation-serverwith-device-registration-service https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domaincontrollers-towindows-server-2012-r2-and-windows-server-2012

QUESTION 10

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is
repeated in each question. Each question presents a different goal and answers choices, but the text of the scenario is
exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an
Active Directory forest named adatum.com.

certificatedumps 70-742 q10

The contoso.com forest contains the objects configured as shown in the following table.
Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3
that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com
domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a
user logon name of [email protected].
End or repeated scenario.
You need to join Computer3 to the contoso.com domain by using offline domain join.
Which command should you use in the contoso.com domain and on Computer3? To answer, select the appropriate
options in the answer area.
Hot Area:

certificatedumps 70-742 q10-1

Correct Answer:

certificatedumps 70-742 q10-2

QUESTION 11

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain
contains a server named Server1.
An administrator named Admin01 plans to configure Server1 as a standalone certification authority (CA).
You need to identify to which group Admin01 must be a member to configure Server1 as a standalone CA. The solution
must use the principle of least privilege.
To which group should you add Admin01?
A. Administrators on Server1.
B. Domain Admins in contoso.com
C. Cert Publishers on Server1
D. Key Admins in contoso.com

Correct Answer: A

When installing a Standalone CA, you must use an account that is a member of the local Administrators group.
References: http://juventusitprofessional.blogspot.com/2015/06/active-directory-certificate-services.html

QUESTION 12

Your network contains an Active Directory domain named contoso.com. The domain contains a user named User1, a group named Group1, and an organizational unit (OU) named OU1.
You need to enable User1 to link Group Policies to OU1.
Solution: From Active Directory Administrative Center, you add User1 to Group1 and grant Group1 Full Control
permission to OU1.
Does this meet the goal?
A. Yes
B. No

Correct Answer: A

QUESTION 13

Your network contains an Active Directory domain named contoso.com. All the accounts of the users in the sales department are in an organizational unit (OU) named SalesOU.
An application named App1 is deployed to the user accounts in SalesOU by using a Group Policy object (GPO) named Sales GPO.
You need to set the registry value of \HKEY_CURRENT_USER\Software\App1\Collaboration to 0.
Solution: You add a user preference that has a Replace action.
Does this meet the goal?
A. Yes
B. No

Correct Answer: B

Share lead4Pass Microsoft 70-742 Coupon codes for free 2020

Lead4Pass Reviews

Lead4Pass has many years of exam experience! Help many friends pass the Microsoft exam! Lead4pass year-round update exams are up to date and effective! The most authoritative examination certification expert! Highest pass rate! Best price/performance ratio! Guaranteed to pass the first exam!

about lead4pass

Latest update Lead4pass 70-742 exam dumps: https://www.leads4pass.com/70-742.html (289 Q&As)

[Q1-Q12 PDF] Free Microsoft 70-742 pdf dumps download from Google Drive: https://drive.google.com/file/d/1CBljHgxobwhHLUFb0d-z6atsG6tN6t_M

Microsoft 70-742 Exam Tips Summary:

Microsoft 70-742 is already the ultimate help here, we share the latest exam pdf, the latest online exercise questions! And the brand website recommends “Lead4Pass”.