It is impossible to pass Microsoft 70-742 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed Microsoft 70-742 practice questions. You will get a surprising result by our Up to the immediate present Identity with Windows Server 2021 practice guides.
Q9. You have users that access web applications by using HTTPS. The web applications are located on the servers in your perimeter network. The servers use certificates obtained from an enterprise root certification authority (CA). The certificates are generated by using a custom template named WebApps. The certificate revocation list (CRL) is published to Active Directory.
When users attempt to access the web applications from the Internet, the users report that they receive a revocation warning message in their web browser. The users do not receive the message when they access the web applications from the intranet.
You need to ensure that the warning message is not generated when the users attempt to access the web applications from the Internet.
What should you do?
A. Install the Certificate Enrollment Web Service role service on a server in the perimeter network.
B. Modify the WebApps certificate template, and then issue the certificates used by the web application servers.
C. Install the Web Application Proxy role service on a server in the perimeter network. Create a publishing point for the CA.
D. Modify the CRL distribution point, and then reissue the certificates used by the web application servers.
Answer: C
Q10. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.
You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).
You need to configure the Documents folder of every user to be stored on a server named FileServer1.
What should you do?
A. From the Computer Configuration node of DCPolicy, modify Security Settings.
B. From the Computer Configuration node of DomainPolicy, modify Security Settings.
C. From the Computer Configuration node of DomainPolicy, modify Administrative Templates.
D. From the User Configuration node of DCPolicy, modify Security Settings.
E. From the User Configuration node of DomainPolicy, modify Folder Redirection.
F. From user Configuration node of DomainPolicy, modify Administrative Templates.
G. From Preferences in the User Configuration node of DomainPolicy, modify Windows Settings.
H. From Preferences in the Computer Configuration node of DomainPolicy, modify Windows Settings.
Answer: E
Q11. Your network contains an Active Directory forest named contoso.com.
A partner company has a forest named fabrikam.com. Each forest contains one domain. You need to provide access for a group named Research in fabrikam.com to resources in
contoso.com. The solution must use the principle of least privilege. What should you do?
A. Create an external trust from fabrikam.com to contoso.com. Enable Active Directory split permissions in fabrikam.com.
B. Create an external trust from contoso.com to fabrikam.com. Enable Active Directory split permissions in contoso.com.
C. Create a one-way forest trust from contoso.com to fabrikam.com that uses selective authentication.
D. Create a one-way forest trust from fabrikam.com to contoso.com that uses selective authentication.
Answer: C
Q12. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You network contains an Active Directory forest named contoso.com. The forest contains an Active Directory Rights Management Services (AD RMS) deployment.
Your company establishes a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an Active Directory forest named fabrikam.com and an AD RMS deployment.
You need to ensure that the users in contoso.com can access rights protected documents sent by the users in fabrikam.com.
Solution: From AD RMS in contoso.com, you configure fabrikam.com as a trusted user domain.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Contoso would need to be the Trusted User Domain.
20. Your network contains an Active Directory domain named contoso.com.
You have a Group Policy object (GPO) named GPO1. GPO1 is linked to an organizational unit (OU) named OU1.
GPO1 contains several corporate desktop restrictions that apply to all computers. You plan to deploy a printer to the computers in OU1.
You need to ensure that any user who signs in to a computer that runs Windows 10 in OU1 receives the new printer. All of the computers in OU1 must continue to apply the corporate desktop restrictions from GPO1.
What should you configure?
A. a user preference and a WMI filter on GPO1.
B. a computer preference that uses item-level targeting
C. a computer preference and WMI filter on GPO1
D. a user preference that uses item-level targeting
Answer: D
Q13. Your network contains an Active Directory forest named contoso.com.
You have an Active Directory Federation Services (AD FS) farm. The farm contains a server named Server1 that runs Windows Server 2012 R2.
You add a server named Server2 to the farm. Server2 runs Windows Server 2021. You remove Server1 from the farm.
You need to ensure that you can use role separation to manage the farm. Which cmdlet should you run?
A. Set-AdfsFarmInformation
B. Update-AdfsRelyingPartyTrust
C. Set-AdfsProperties
D. Invoke-AdfsFarmBehaviorLevelRaise
Answer: A
Q14. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2021. The computer account for Server1 is in organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
You need to add a domain user named User1 to the local Administrators group on Server1. Solution: From the Computer Configuration node of GPO1, you configure the Account
Policies settings.
Does this meet the goal?
A. Yes
B. No
Answer: B
Q15. Your network contains an Active Directory forest named contoso.com. The forest contains several domains.
An administrator named Admin01 installs Windows Server 2021 on a server named Server1 and then joins Server1 to the contoso.com domain.
Admin01 plans to configure Server1 as an enterprise root certification authority (CA).
You need to ensure that Admin01 can configure Server1 as an enterprise CA. The solution must use the principle of least privilege.
To which group should you add Admin01?
A. Server Operators in the contoso.com domain
B. Cert Publishers on Server1
C. Enterprise Key Admins in the contoso.com domain
D. Enterprise Admins in the contoso.com domain.
Answer: D
Q16. Your network contains an Active Directory forest. The forest contains two domains named litwarenc.com and contoso.com. The contoso.com domain contains two domains controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is associated to a subnet of 192.168.10.0/24
You discover that LON-DC02 is not a global catalog server. You need to configure LON-DC02 as a global catalog server. What should you do?
A. From Active Directory Sites and Services, modify the properties of the 192.168.10.0/24 IP subnet.
B. From Windows PowerShell, run the Set-NetNatGlobal cmdlet.
C. From Active Directory Sites and Services, modify the NTDS Settings object of LON- DC02.
D. From Windows PowerShell, run the Enable-ADOptionalFeature cmdlet.
Answer: C