Skip Navigation Links
 

Microsoft - 70-743: Upgrading Your Skills to MCSA: Windows Server 2016

Sample Questions

Question: 514
Measured Skill: Install and configure Active Directory Domain Services (AD DS)

Your network contains an Active Directory forest named contoso.com. Your company plans to hire 500 temporary employees for a project that will last 90 days.

You create a new user account for each employee. An organizational unit (OU) named Temp contains the user accounts for the employees.

You need to prevent the new users from accessing any of the resources in the domain after 90 days.

What should you do?

ARun the Get-ADOrganizationalUnit cmdlet and pipe the output to the Set-Date cmdlet.
B Run the Get-ADOrganizationalUnit cmdlet and pipe the output to the Set-ADAccountPassword cmdlet.
C Run the Get-ADUser cmdlet and pipe the output to the Set-ADAccountExpiration cmdlet.
D Create a Group Policy object (GPO) and link the GPO to the Temp OU. Modify the Account Lockout Policy of the GPO.

Correct answer: C

Explanation:

The Set-ADAccountExpiration cmdlet sets the expiration time for a user, computer, or service account. To specify an exact time, use the DateTime parameter. To specify a time period from the current time, use the TimeSpan parameter.

The Identity parameter specifies the Active Directory account to modify.

Example:

Get-ADUser -Filter * -SearchBase "OU=OU1,DC=contoso,DC=com" | Set-ADAccountExpiration -DateTime "12/31/2019"

Question: 515
Measured Skill: Install and configure Active Directory Domain Services (AD DS)

Your network contains an Active Directory forest. The forest contains a forest root domain named contoso.com and a child domain named eu.contoso.com. Each domain contains two domain controllers that run Windows Server 2012 R2.

The forest functional level is Windows Server 2008 R2. The domain functional level of contoso.com is Windows Server 2012 R2. The domain functional level of eu.contoso.com is Windows Server 2008 R2.

You need to raise the domain functional level of contoso.com to Windows Server 2016. The solution must minimize administrative effort.

What should you do before you raise the domain functional level?

ARaise the forest functional level.
B Upgrade all of the domain controllers in the forest.
C Upgrade all of the domain controllers in contoso.com.
D Raise the domain functional level of eu.contoso.com.

Correct answer: C

Explanation:

Functional levels determine the available Active Directory Domain Services (AD DS) domain or forest capabilities. They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. However, functional levels do not affect which operating systems you can run on workstations and member servers that are joined to the domain or forest.

When you deploy AD DS, set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many AD DS features as possible. When you deploy a new forest, you are prompted to set the forest functional level and then set the domain functional level. You can set the domain functional level to a value that is higher than the forest functional level, but you cannot set the domain functional level to a value that is lower than the forest functional level.

Before we raise the domain functional level of contoso.com to Windows Server 2016, we need to ensure that the domain contains only domain controllers that run Windows Server 2016 or higher.

Question: 516
Measured Skill: Implement identity federation and access solutions

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs a Server Core installation of Windows Server 2016.

Server1 is configured as an Active Directory Rights Management Services (AD RMS) server for the domain.

You need to install the Identity Federation Support role service on Server1.

What should you do first?

ARun the Install-WindowsFeature NET-Framework-45-ASPNET cmdlet.
B Install a Server with Desktop Experience installation of Windows Server 2016.
C Run the Add-AdfsClient cmdlet.
D Run the Install-WindowsFeature Desktop-Experience cmdlet.

Correct answer: C

Explanation:

The Identity Federation Support (ADRMS-Identity) role service can be installed on a Windows Server 2016 server with the graphical user interface without any additional precautions.

The Identity Federation Support role service is included with Windows Server 2016 Server Core.

The .Net Framework 4.6 features (NET Framework 45 ASPNET) have already been installed during the installation of the Active Directory Rights Management Services role.

Excluding invalid answers, answer C remains as the only possible solution.

Role services included in Server Core

Question: 517
Measured Skill: Install and configure Active Directory Domain Services (AD DS)

Your network contains an Active Directory forest named contoso.com. The forest contains the root domain and two child domains named child1.contoso.com and child2.contoso.com.

Child1 contains three domain controllers named DC1, DC2, and DC3. Child2 contains one domain controller named DC4.

You have two accounts named Child1\Admin1 and Child2\Admin2 that you use to perform administrative tasks. Currently, the accounts can manage only the member servers in their respective domain.

You plan to demote DC3 and to remove the Child2 domain.

You need to ensure that Admin1 can demote DC3 and that Admin2 can demote DC4. The solution must use the principle of least privilege.

To which groups should you add Admin1 and Admin2?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AAdmin1: Child1\Domain Admins
Admin2: Contoso\Enterprise Admins
B Admin1: Child1\Server Operators
Admin2: Child2\Server Operators
C Admin1: Contoso\Domain Admins
Admin2: Contoso\Schema Admins
D Admin1: Contoso\Domain Admins
Admin2: Contoso\Domain Admins
E Admin1: Contoso\Enterprise Admins
Admin2: Child2\Domain Admins
F Admin1: Contoso\Schema Admins
Admin2: Contoso\Schema Admins

Correct answer: A

Explanation:

Demoting an additional domain controller requires Domain Admin credentials.

Demoting the last domain controller in a domain requires Enterprise Admins group membership, as this removes the domain itself (if the last domain in the forest, this removes the forest). Server Manager informs you if the current domain controller is the last domain controller in the domain. Select the Last domain controller in the domain check box to confirm the domain controller is the last domain controller in the domain.

Reference: Demoting Domain Controllers and Domains

Question: 518
Measured Skill: Install and configure Active Directory Domain Services (AD DS)

Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2. DC2 is a virtual machine that is hosted on a Hyper-V host named HyperV1. DC1 holds the PDC emulator operations master role.

You need to create a new domain controller named DC3 by using domain controller cloning.

Which five actions should you perform in sequence before you can import the cloned virtual machine?

(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.)

www.cert2brain.com

ASequence: 5, 1, 4, 6, 3
B Sequence: 2, 1, 4, 6, 3
C Sequence: 6, 4, 1, 3, 5
D Sequence: 6, 3, 1, 4, 5

Correct answer: B

Explanation:

The first step in the cloning process is to add the source DC to the Cloneable Domain Controllers group.

Second, you should use the Get-ADDCCloningExcludedApplicationList cmdlet to check, if there are any services or third party apps installed that prevent the domain controller from beeing cloned.

Then you can use the New-ADDCCloneConfigFile cmdlet to create the DCCloneConfig.xml configuration file. DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more.

The last step now is to export the source virtual machine. This can be accomplished via PowerShell or the Hyper-V management console. First, turn off the source DC then export the VM.

Virtual Domain Controller Cloning in Windows Server 2012



 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2019 by cert2brain.com