Skip Navigation Links
 

Microsoft - 70-742: Identity with Windows Server 2016

Sample Questions

Question: 282
Measured Skill: Create and manage Group Policy (25–30%)

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. All domain-joined computers have Fast Logon Optimization enabled.

You need to ensure that the next time a user signs in to Server1, the user-targeted Group Policy objects (GPOs) are processed fully before the user gains access to the desktop.

What should you run on Server?

AInvoke-GPUpdate with the -Logoff switch
B Invoke-GPUpdate with the -Boot switch
C gpupdate with the /force switch
D Invoke-GPUpdate with the -Sync switch

Correct answer: D

Explanation:

Fast Logon Optimization may cause you to sign in or restart the computer multiple times before certain Group Policy settings are applied to the client computer.

Policy settings are grouped into categories, such as Administrative Templates, Security Settings, Folder Redirection, Disk Quota, Software Installation, and the Group Policy preference extensions. The settings in each category require a specific CSE to process them, and each client-side extension (CSE) has its own rules for processing settings.

Asynchronous processing refers to processes that do not depend on the outcome of other processes. Therefore, they can occur on different threads simultaneously.

Synchronous processing refers to processes that depend on each other’s outcome. Therefore, synchronous processes must wait for the previous process to finish before the next process can start.

With Fast Logon Optimization, enabled Group Policy foreground processing runs asynchronously. When a CSE requires synchronous processing, policy settings do not apply during the asynchronous processing cycle.

Invoke-Gpupdate -Sync -Target "User" indicates that the cmdlet processes the next foreground Group Policy application for user settings to be done synchronously.

References:

Understand the Effect of Fast Logon Optimization and Fast Startup on Group Policy

Invoke-GPUpdate

gpupdate

Question: 283
Measured Skill: Install and configure Active Directory Domain Services (AD DS) (20–25%)

Your network contains an Active Directory domain named contoso.com. The domain contains the users shown in the following table.



The domain has the Password Settings Objects (PSOs) shown in the following table:



The domain has the Group Policy objects (GPOs) shown in the following table:



What is the minimum password length for each user?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AUser1: 8 Characters
User2: 8 Characters
B User1: 9 Characters
User2: 10 Characters
C User1: 9 Characters
User2: 8 Characters
D User1: 10 Characters
User2: 10 Characters
E User1: 7 Characters
User2: 6 Characters
F User1: 9 Characters
User2: 9 Characters

Correct answer: B

Explanation:

Password setting objects can be assigned to both user objects and global security groups. However, the RSoP can only be calculated for the user object. If several PSOs are linked to a user or a global group, the RSOP is calculated as follows:
  • It is first checked if a PSO is directly linked to the user account. If so, this PSO is used. If multiple PSOs are directly linked to the user account, the PSO that has the lowest value in the msDS-PasswordSettingsPrecedence attribute will win. If there are multiple PSOs with the same value in the attribute, the PSO will be applied to the user account whose GUID is lower

  • If no PSO is directly linked to the user object, the memberships in the user's global security groups are checked. If there is a group that is linked to a PSO, the PSO is applied to the user account by detour. If the user is in multiple global groups that have different PSOs associated with them, the PSO will be applied to the user account that has the lowest value in the msDS-PasswordSettingsPrecedence attribute. If multiple PSOs with the same value exist in the attribute, the PSO will be applied to the user account whose GUID is lower.
Note: The password policies that are configured in GPO1 and GPO2 are applied to the local user accounts of the computers included in OU1 and OU2, respectively. The password policies in GPO1 and GPO2 do not affect domain users.

Reference: Fine-Grained Password Policy in Active Directory

Question: 284
Measured Skill: Install and configure Active Directory Domain Services (AD DS) (20–25%)

Your network contains an Active Directory domain named adatum.com. The domain contains the objects shown in the following table.



GroupA has Full Control permissions to a folder named Folder1. GroupB has Full Control permissions to a folder named Folder2.

You run the following PowerShell script:

$m1 = Get-ADUser -Filter {Name -eq 'User01'}
$m2 = Get-ADUser -Filter {Name -eq 'User1'}
Add-ADGroupMember -Identity Group1 -Members $m1
Add-ADGroupMember -Identity Group2 -Members $m2
Add-ADGroupMember -Identity GroupA -Members User01
Add-ADGroupMember -Identity GroupA -Members Group2
Add-ADGroupMember -Identity GroupB -Members User10
Add-ADGroupMember -Identity GroupB -Members Group1


For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(To answer, select the appropriate objects in the answer area.)

www.cert2brain.com

AUser1 has Full Controll permissions to Folder1: Yes
User11 has Full Controll permissions to Folder2: Yes
User01 has Full Controll permissions to Folder2: Yes
B User1 has Full Controll permissions to Folder1: Yes
User11 has Full Controll permissions to Folder2: Yes
User01 has Full Controll permissions to Folder2: No
C User1 has Full Controll permissions to Folder1: Yes
User11 has Full Controll permissions to Folder2: No
User01 has Full Controll permissions to Folder2: Yes
D User1 has Full Controll permissions to Folder1: No
User11 has Full Controll permissions to Folder2: Yes
User01 has Full Controll permissions to Folder2: Yes
E User1 has Full Controll permissions to Folder1: No
User11 has Full Controll permissions to Folder2: No
User01 has Full Controll permissions to Folder2: Yes
F User1 has Full Controll permissions to Folder1: No
User11 has Full Controll permissions to Folder2: No
User01 has Full Controll permissions to Folder2: No

Correct answer: C

Explanation:

User1 is addedd to Group2 (lines 2, 4). In line 6, Group2 is added to GroupA. GroupA has full access to Folder1.

User11 is not added to a group by the script. User11's account is unaffected by the script.

User01 is added to Group1 (line 1, 3). Group1 is added to GroupB (line 8). GroupB has full access to Folder2.

Question: 285
Measured Skill: Implement identity federation and access solutions (15–20%)

You are the network administrator for a company named Contoso, Ltd. Contoso has a partner company named Fabrikam, Inc.

The networks of both companies contain Active Directory forests. The functional level of both forests is Windows Server 2016. Both forests have Active Directory Rights Management Services (AD RMS) and Microsoft Exchange Server 2016 installed.

The users in both forests can access AD RMS and Exchange servers.

You need to ensure that the Contoso users can access rights-protected content of the Fabrikam users. The solution must minimize changes to the AD RMS clients and must eliminate the need to exchange AD RMS private keys.

Which three steps do you perform in sequence?

(To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.)

www.cert2brain.com

ASequence: 5, 6, 3
B Sequence: 5, 6, 4
C Sequence: 2, 1, 3
D Sequence: 2, 1, 4

Correct answer: B

Explanation:

In a default AD RMS installation, use licenses are not issued to users whose rights account certificates were issued by a different AD RMS cluster. You can configure AD RMS so that it processes this type of request by importing the trusted user domain of another AD RMS installation.

The trusted user domain must be exported from one AD RMS cluster and then imported into the other. A trusted user domain is required only if the AD RMS clusters are in a different forest.

The following Technet article provide a complete step-by-step guide:

Configure AD RMS to Work Across Forests

Question: 286
Measured Skill: Create and manage Group Policy (25–30%)

Your network contains an Active Directory domain named adatum.com.

You have a Central Store for Group Policy. You have a custom administrative template that contains the settings for an application named App1.

Administrators who use computers in French report that the App1 settings always appear in English. You need to ensure that the App1 settings always appear in French for users who have French computers.

What should you do?

(To answer, select the appropriate option in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AFile type to create: ADM
Copy file to: \\adatum.com\sysvol\adatum.com\policies\PolicyDefinitions\fr-fr\
B File type to create: ADM
Copy file to: C:\Windows\PolicyDefinitions\fr-fr\
C File type to create: ADML
Copy file to: \\adatum.com\sysvol\adatum.com\staging\domain\fr-fr\
D File type to create: ADML
Copy file to: \\adatum.com\sysvol\adatum.com\policies\PolicyDefinitions\fr-fr\
E File type to create: ADMX
Copy file to: \\adatum.com\netlogon\fr-fr\
F File type to create: ADMX
Copy file to: \\adatum.com\sysvol\adatum.com\staging\domain\fr-fr\

Correct answer: D

Explanation:

Starting with Windows Server 2008 / Windows Vista, ADMX and ADML files are used for GPOs. ADMX files contain the settings of a GPO and ADML files contain language-specific descriptions of the settings.

By default, the Group Policy Management Console reads administrative template files from the C:\Windows\PolicyDefinitions directory of the local computer.

To allow a consistent appearance of the administrative templates when using your own template files on all the management computers, you can create a central store for template files, which is replicated to all domain controllers within the Sysvol directory. If a central store exists, the template files are no longer loaded from the local PolicyDefinitions folder but from the PolicyDefinitions folder of the domain.

To create a central store for storing ADMX and ADML files, you need to create a new folder on a domain controller below the SYSVOL share, named PolicyDefinitions (\\domainname\sysvol\domainname\policies\PolicyDefinitions). You can create the folder on any domain controller, but you should preferably use the domain controller with the PDC Emulator Operations Master role. Once the folder has been created, copy all the content from your local Windows 10 folder C:\Windows\PolicyDefinitions to the new folder.

The language files (ADML files) of the Group Policy settings are stored in a language-specific folder (e.g., fr-fr, en-us, etc.) below the PolicyDefinitions folder.



 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2020 by cert2brain.com