70-742 Dumps

70-742 Free Practice Test

Microsoft 70-742: Identity with Windows Server 2016

QUESTION 1

Your network contains a signle-domin Active Directory forest named contoso.com. The forest functional level is Windows Server 2016. The forest has Dynamic Access Control enabled.
The domin contains two domain controllers named DC1 and DC2. Privileged user accounts used to manage Active Directory reside in a group named Contoso\AD_Admins.
You create an authentication policy named Policy1 and an authentication policy silo named Silo1.
You need to ensure that the accounts in the Contoso\AD-Admins group can sign in to the domain controllers only.
Which three configurations should you perform? Each correction answer presents part of the solution.

Correct Answer: ADE

QUESTION 2

Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1. Server1 has several line-of-business applications. Each application runs as a service that uses the Network Service account. You need to configure the line-of-business applications to run by using a virtual account. What should you do?

Correct Answer: A

QUESTION 3

Your network contains an Active Directory domain named contoso.com.
You plan to deploy a new Active Directory Rights Management Services (AD RMS) cluster on a server named Server1.
You need to create the AD RMS service account. The solution must use the principle of least privilege. What should you do?

Correct Answer: A

QUESTION 4

Note: This question is part of a series of questions that use the same or similar answer choice. An answer choice may be correct for more than one question in the series. Each question is Independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2.
Your company hires 3 new security administrators to manage sensitive user data. You create a user account named Secunty1 for the security administrator.
You need to ensure that the password for Secunty1 has at least 12 characters and is modified every 10 days. The solution must apply to Security 1 only.
Which tool should you use?

Correct Answer: C
Using Fine-Grained Password Policies you specify multiple password policies in a single domain and apply different restrictions for password and account lockout policies to different sets of users in a domain. You can apply stricter settings to privileged accounts and less strict settings to the accounts of other users.To enable Fine-Grained Password Policies (FGPP), you need to open the Active Directory Administrative Center (ADAC)https://blogs.technet.microsoft.com/canitpro/2013/05/29/step-by-step-enabling-and-using-fine-grained-

QUESTION 5

Your network contains an Active Directory domain named contoso.com. The relevant objects in the domain are configured as shown in the following table.
<>> > > >>>< ><>>< >
Solution:


Does this meet the goal?

Correct Answer: A