Tested 70-742 Dumps 2021

NEW QUESTION 1
Your network contains an Active Directory domain. The domain contains an organizational unit (OU) named FileServersOU. A Group Policy object (GPO) named GPO1 is linked to FileServersOU. FileServersOU contains all the file servers in the domain.
You make an urgent security edit to GPO1.
You need to ensure that all the file servers receive the updated setting as soon as possible. What should you do?

• A. Right-click FileServersOU and click Group Policy Update…
• B. Right-click the GPO link for GPO1 and click Enforced.
• C. Right-click Group Policy Results and click Group Policy Results Wizard…
• D. Right-click FileServersOU and click Refresh.

Answer: A

NEW QUESTION 2
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site
named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

End of repeated scenario.
You are evaluating what will occur when you set user Group Policy loopback processing mode to Replace in A4.
Which GPO or GPOs will apply to User2 when the user signs in to Computer1 after loopback processing is configured?

• A. A1, A5, A6 and A4
• B. A3, A1, A4, A6 and A7
• C. A3, A1, A5 and A4
• D. A4 only

Answer: A

NEW QUESTION 3
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2021.
Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2.
You create a domain user account named User1.
You need to ensure that User1 can use IPAM to manage DHCP.
Which command should you run on Server1? To answer, select the appropriate options in the answer area.

Answer:

Explanation:

NEW QUESTION 4
Your company recently deployed a new child domain to an Active Directory forest.
You discover that a user modified the Default Domain Policy to configure several Windows components in the child domain.
A company policy states that the Default Domain Policy must be used only to configure domain-wide security settings.
You create a new Group Policy object (GPO) and configure the settings for the Windows components in the new GPO.
You need to restore the Default Domain Policy to the default settings from when the domain was first installed.
What should you do?

• A. From Group Policy Management, click Starter GPOs, and then click Manage Backups.
• B. From a command prompt, run the dcgpofix.exe command.
• C. From Windows PowerShell, run the Copy-GPO cmdlet.
• D. Run ntdsutil.exe to perform a metadata cleanup and a semantic database analysis.

Answer: B

NEW QUESTION 5
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. You recently deleted 5,000 objects from the Active Directory database.
You need to reduce the amount of disk space used to store the Active Directory database on a domain controller.

• A. Dsadd quota
• B. Dsmod
• C. Active Directory Administrative Center
• D. Dsacls
• E. Domain
• F. Active Directory Users and Computers
• G. Ntdsutil
• H. Group Policy Management Console

Answer: G

NEW QUESTION 6
Your network contains an Active Directory domain named contoso.com.
You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)

You discover that some of the settings configured in the A1 Group Policy object (GPO) fail to apply to the users in the OU1 organizational unit (OU).
You need to ensure that all of the settings in A1 apply to the users in OU1. What should you do?

• A. Enable loopback policy processing in A1.
• B. Block inheritance on OU1.
• C. Modify the policy processing order for OU1.
• D. Modify the GPO Status of A1.

Answer: C

NEW QUESTION 7
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.

Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named
Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain. From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the
contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of User1@litwareinc.com.
End or repeated scenario.
You need to ensure that Admin1 can add Group2 as a member of Group3. What should you modify?

• A. Modify the Security settings of Group3.
• B. Modify the group scope of Group3.
• C. Modify the group type of Group3.
• D. Set Admin1 as the manager of Group3.

Answer: B

NEW QUESTION 8
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2021. The Computer account for Server1 is in organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
You need to add a domain user named user1 to the local Administrators group on Server1.
Solution: From the Computer Configuration node of GPO1, you configure the local Users and Groups preference.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 9
Your network contains an Active Directory domain named contoso.com. You need to create a central store for Group Policy administrator templates. What should you use?

• A. Dcgpofix.exe
• B. Copy-Item
• C. Copy-GPO
• D. Group Policy Management Console (GPMC)

Answer: B

NEW QUESTION 10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.

You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.
Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT).
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: The NRPT stores configurations and settings that are used to deploy DNS Security Extensions (DNSSEC), and also stores information related to DirectAccess, a remote access technology.
Note: The Name Resolution Policy Table (NRPT) is a new feature available in Windows Server 2008 R2. The NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces. When performing DNS name resolution, the DNS Client service checks the NRPT before sending a DNS query. If a DNS query or response matches an entry in the NRPT, it is handled according to settings in the policy. Queries and responses that do not match an NRPT entry are processed normally.
References: https://technet.microsoft.com/en-us/library/ee649207(v=ws.10).aspx

NEW QUESTION 11
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

End of repeated scenario.
You plan to enforce the GPO link for A6.
Which five GPOs will apply to User1 in sequence when the user signs in to Computer1 after the link is enforced? To answer, move the appropriate GPOs from the list of GPOs to the answer area and arrange them in the correct order.

Answer:

Explanation:

NEW QUESTION 12
Your network contains an Active Directory domain named contoso.com. The domain contains an Active Directory Federation Services {AD FS) server named Server1.
On a standalone server named Server2, you install and configure the Web Application Proxy.
You have an internal web application named WebApp1. AD FS has a relying party trust for WebApp1. You need to provide external users with access to WebApp1. Authentication to WebApp1 must use AD FS
pre-authentication.
Which tool should you use to publish WebApp1?

• A. Remote Access Management on Server1
• B. AD FS Management on Server2
• C. Remote Access Management on Server2
• D. Routing and Remote Access on Server1
• E. AD FS Management on Server1.

Answer: C

Explanation: References:
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/web-application-proxy/publishing-appli

NEW QUESTION 13
Your network contains two network domains sales.fabrikam.com, and contoso.com, You recently added a site named Europe.
The forest contains four users who are members of the groups shown in the following table.

You need to create a Group Policy object (GPO) named GP01 and to link GPO1 to the Europe site. Which users can perform each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

Answer:

Explanation:

NEW QUESTION 14
Your network contains an Active Directory domain named adatum.com. The domain contains the servers configured as shown in the following table:

You have a server named Server6 in the perimeter network. Each server has the local users show in the following table.

The domain contains the users shown in the following table.

You install a Web Application Proxy on Server6.
You need to configure the Web Application proxy on Server6. The solution must use the principle of least privilege.
Which account should you specify in the Web Application Proxy Configuration Wizard? To answer, select the appropriate options in the answer are.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: The user account used to configure the web application proxy must have local Administrator permission on the WAP server(s), and have access to an account that have local Administrator permissions on the AD FS servers.
References:
http://www.mistercloudtech.com/2015/11/25/how-to-install-and-configure-web-application-proxy-for-adfs/

NEW QUESTION 15
Your network contains an Active Directory forest named contoso.com. The forest contains 10 domains. The root domain contains a global catalog server named DC1.
You remove the global catalog server role from DC1.
You need to decrease the size of the Active Directory database on DC1.
Solution:You stop the NTDS service on DC1. You run ntdsutil.exe, use the metadata cleanup option, and then start the NTDS
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation: You need to run ntdsutil.exe with the ‘compact to’ option. References:
https://theitbros.com/active-directory-database-compact-defrag/

NEW QUESTION 16
Your company has a main office and three branch offices.
The network contains an Active Directory domain named contoso.com.
The main office contains three domain controllers. Each branch office contains one domain controller.
You discover that new settings in the Default Domain Policy are not applied in one of the branch offices, but all other Group Policy objects (GPOs} are applied.
You need to check the replication of the Default Domain Policy for the branch office. What should you do from a domain controller in the main office?

• A. From a command prompt, run dcdiag.exe.
• B. From Group Policy Management, click Default Domain Policy under Contoso.com, and then open theDetails tab.
• C. From Group Policy Management, click Default Domain Policy under Contoso.com, and then open theScope tab.
• D. From a command prompt, run repadmin.exe.

Answer: D

NEW QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains a read-only domain controller (RODC) named R0DC1.
You need to retrieve a list of accounts that have their password cached on RODC1. Which command should you run?

• A. netdom.exe
• B. ntdsutil.exe
• C. repadmin.exe
• D. dcdiag.exe

Answer: C

Explanation: https://technet.microsoft.com/en-us/library/rodc-guidance-for-administering-the-password-replication-policy(v=

NEW QUESTION 18
Your company has multiple branch offices.
The network contains an Active Directory domain named contoso.com.
In one of the branch offices, a new technician is hired to add computers to the domain.
After successfully joining multiple computers to the domain, the technician fails to join anymore computers to the domain.
You need to ensure that the technician can join an unlimited number of computers to the domain. What should you do?

• A. Modify the Security settings of the technician's user account.
• B. Modify the Security settings of the Computers container.
• C. Configure the technician's user account as a managed service account.
• D. Run the redircmp.exe command.

Answer: B

NEW QUESTION 19
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated Scenario
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.

Group 1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named
Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain. From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the
contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of user1@litwareinc.com.
End of repeated scenario
You need to ensure that Admin1 can convert Group1 to a global group. What should you do?

• A. Add Admin1 to the Enterprise Admin group.
• B. Remove all the member from Group1.
• C. Modify the Security settings of Group1.
• D. Convert Group1 to a universal security group.

Answer: B