70-742 Free Practice Test

Your network contains an Active Directory domain. The domain contains an organizational unit (OU) named FileServersOU. A Group Policy object (GPO) named GPO1 is linked to FileServersOU. FileServersOU contains all the file servers in the domain.
You make an urgent security edit to GPO1.
You need to ensure that all the file servers receive the updated setting as soon as possible. What should you do?

1. A. Right-click FileServersOU and click Group Policy Update…
2. B. Right-click the GPO link for GPO1 and click Enforced.
3. C. Right-click Group Policy Results and click Group Policy Results Wizard…
4. D. Right-click FileServersOU and click Refresh.

Correct Answer: A

You deploy a new certification authority (CA) to a server that runs Windows Server 2016. You need to configure the CA to support recovery of certificates.
What should you do first?

1. A. Modify the Recovery Agents settings from the properties of the CA.
2. B. Assign the Request Certificates permission to the user account that will be responsible for recovering certificates.
3. C. Configure the Key Recovery Agent template as a certificate template to issue.
4. D. Modify the extensions of the OCSP Response Signing template.

Correct Answer: C
References:
http://markgossa.blogspot.co.uk/2017/03/enable-key-archival-in-server-2012-r2.html

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2.
DC1 holds the RID master operations role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
Solution: On DC2, you open Active Directory Users and Computers, click Operations Masters.., verify that dc2.contoso.com is listed on the RID tab, and click Change.
Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: B
This would work if DC1 was still online. In that case we would be “transferring” the role. However, as DC1 is offline, we need to “seize” the role which can only be done by using the ntdsutil command or the
Move-AddirectoryServerOperationMasterRole PowerShell cmdlet with the -Force parameter.

Your network contains an Active Directory domain. All client computers run Windows 10.
A client computer named Computer1 was in storage for five months and was unused during that time. You attempt to sign in to the domain from Computer1 and receive an error message.
You need to ensure that you can sign in to the domain from Computer1. What should you do?

1. A. Unjoin Computer1 from the domain, and then join the computer to the domain.
2. B. From Active Directory Administrative Center, reset the computer account of Computer1.
3. C. From Active Directory Administrative Center, disable Computer1, and then enable the computer account of Computer1.
4. D. From Active Directory Users and Computers, run the Delegation of Control Wizard.

Correct Answer: B

Your network contains an Active Directory domain named contoso.com.
The user account for a user named User1 is in an organizational unit (OU) named OU1. You need to enable User1 to sign in as user1@adatum.com.
Solution: From Active Directory Domains and Trusts, you configure an alternative UPN suffix, From Active Directory Administrative Center, you configure the User UPN logon property of User1.
Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A