問題1
Your network contains an enterprise root certification authority (CA) named CA1.
Multiple computers on the network successfully enroll for certificates that will expire in one year. The certificates are based on a template named Secure_Computer. The template uses schema version 2.
You need to ensure that new certificates based on Secure_Computer are valid for three years.
What should you do?
Your network contains an enterprise root certification authority (CA) named CA1.
Multiple computers on the network successfully enroll for certificates that will expire in one year. The certificates are based on a template named Secure_Computer. The template uses schema version 2.
You need to ensure that new certificates based on Secure_Computer are valid for three years.
What should you do?
正確答案: A
問題2
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)
The relevant users and client computer in the domain are configured as shown in the following table.
End of repeated scenario.
You are evaluating what will occur when you disable the Group Policy link for A6.
Which GPOs will apply to User2 when the user signs in to Computer1 after the link for A6 is disabled?
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)
The relevant users and client computer in the domain are configured as shown in the following table.
End of repeated scenario.
You are evaluating what will occur when you disable the Group Policy link for A6.
Which GPOs will apply to User2 when the user signs in to Computer1 after the link for A6 is disabled?
正確答案: A
問題3
You network contains an Active Directory domain named contoso.com. The domain contains an Active Directory Federation Services (AD FS) server named ADFS1, a Web Application Proxy server named WAP1, and a web server named Web1.
You need to publish a website on Web1 by using the Web Application Proxy. Users will authenticate by using OAuth2 preauthentication.
What should you do first?
You network contains an Active Directory domain named contoso.com. The domain contains an Active Directory Federation Services (AD FS) server named ADFS1, a Web Application Proxy server named WAP1, and a web server named Web1.
You need to publish a website on Web1 by using the Web Application Proxy. Users will authenticate by using OAuth2 preauthentication.
What should you do first?
正確答案: C
問題4
Your network contains a signle-domin Active Directory forest named contoso.com. The forest functional level is Windows Server 2016. The forest has Dynamic Access Control enabled.
The domin contains two domain controllers named DC1 and DC2. Privileged user accounts used to manage Active Directory reside in a group named Contoso\AD_Admins.
You create an authentication policy named Policy1 and an authentication policy silo named Silo1.
You need to ensure that the accounts in the Contoso\AD-Admins group can sign in to the domain controllers only.
Which three configurations should you perform? Each correction answer presents part of the solution.
Your network contains a signle-domin Active Directory forest named contoso.com. The forest functional level is Windows Server 2016. The forest has Dynamic Access Control enabled.
The domin contains two domain controllers named DC1 and DC2. Privileged user accounts used to manage Active Directory reside in a group named Contoso\AD_Admins.
You create an authentication policy named Policy1 and an authentication policy silo named Silo1.
You need to ensure that the accounts in the Contoso\AD-Admins group can sign in to the domain controllers only.
Which three configurations should you perform? Each correction answer presents part of the solution.
正確答案: A,B,E
問題5
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. IPAM uses a Windows Internal Database.
You install Microsoft SQL Server on Server1.
You plan to move the IPAM database to SQL Server.
You need to create a SQL Server login for the IPAM service account.
For which user should you create the login? To answer, select the appropriate options in the answer area.
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that runs Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. IPAM uses a Windows Internal Database.
You install Microsoft SQL Server on Server1.
You plan to move the IPAM database to SQL Server.
You need to create a SQL Server login for the IPAM service account.
For which user should you create the login? To answer, select the appropriate options in the answer area.
正確答案:
Explanation
References:
https://blogs.technet.microsoft.com/yagmurs/2014/07/31/moving-ipam-database-from-windows-internal-databas
問題6
You network contains an Active Directory domain named contoso.com. The domain contains 1,000 desktop computers and 500 laptops. An organizational unit (OU) named OU1 contains the computer accounts for the desktop computers and the laptops.
You create a Windows PowerShell script named Script1.ps1 that removes temporary files and cookies. You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
You need to run the script once weekly only on the laptops.
What should you do?
You network contains an Active Directory domain named contoso.com. The domain contains 1,000 desktop computers and 500 laptops. An organizational unit (OU) named OU1 contains the computer accounts for the desktop computers and the laptops.
You create a Windows PowerShell script named Script1.ps1 that removes temporary files and cookies. You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
You need to run the script once weekly only on the laptops.
What should you do?
正確答案: B
問題7
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2.
Your company hires a new security administrator to manage sensitive user data.
You create a user account named Security1 for the security administrator.
You need to ensure that the password for Security1 has at least 12 characters and is modified every 10 days.
The solution must apply to Security1 only.
Which tool should you use?
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2.
Your company hires a new security administrator to manage sensitive user data.
You create a user account named Security1 for the security administrator.
You need to ensure that the password for Security1 has at least 12 characters and is modified every 10 days.
The solution must apply to Security1 only.
Which tool should you use?
正確答案: A
問題8
Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise root certification authority (CA) on a server that runs Windows Server
2016.
You need to configure the CA to support Online Certificate Status Protocol (OCSP) responders.
Which two actions should you perform? Each correct selection presents part of the solution.
NOTE: Each correct selection is worth one point.
Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise root certification authority (CA) on a server that runs Windows Server
2016.
You need to configure the CA to support Online Certificate Status Protocol (OCSP) responders.
Which two actions should you perform? Each correct selection presents part of the solution.
NOTE: Each correct selection is worth one point.
正確答案: B,D
說明:(僅 NewDumps 成員可見)
問題9
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration.
PS C:\> (Get-ADForest).ForestMode
Windows2008R2Forest
PS C:\> (Get-ADDomain).DomainMode
Windows2008R2Domain
PS C:\>
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.
You need to configure Active Directory to support the planned deployment.
Solution: You raise the domain functional level to Windows Server 2012 R2.
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration.
PS C:\> (Get-ADForest).ForestMode
Windows2008R2Forest
PS C:\> (Get-ADDomain).DomainMode
Windows2008R2Domain
PS C:\>
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.
You need to configure Active Directory to support the planned deployment.
Solution: You raise the domain functional level to Windows Server 2012 R2.
Does this meet the goal?
正確答案: B
說明:(僅 NewDumps 成員可見)
問題10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: You configure Kerberos constrained delegation on the computer account of each domain controller.
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: You configure Kerberos constrained delegation on the computer account of each domain controller.
Does this meet the goal?
正確答案: B
問題11
Your network contains an Active Directory domain named adatum.com. The domain contains a security group named G_Research and an organizational unit (OU) named OU_Research.
All the users in the research department are members of G_Research and their user accounts are in OU_Research.
You need to ensure that all the research department users change their password every 28 days and enforce a complex password that is 12 characters long.
What should you do?
Your network contains an Active Directory domain named adatum.com. The domain contains a security group named G_Research and an organizational unit (OU) named OU_Research.
All the users in the research department are members of G_Research and their user accounts are in OU_Research.
You need to ensure that all the research department users change their password every 28 days and enforce a complex password that is 12 characters long.
What should you do?
正確答案: D
問題12
Your network contains an Active Directory forest. The forest contains a domain named contoso.com. The domain contains three domain controllers.
A domain controller named lon-dc1 fails. You are unable to repair lon-dc1.
You need to prevent the other domain controllers from attempting to replicate to lon-dc1.
Solution: From Active Directory Sites and Trusts, you transfer the operations master roles from lon-dc1.
Does this meet the goal?
Your network contains an Active Directory forest. The forest contains a domain named contoso.com. The domain contains three domain controllers.
A domain controller named lon-dc1 fails. You are unable to repair lon-dc1.
You need to prevent the other domain controllers from attempting to replicate to lon-dc1.
Solution: From Active Directory Sites and Trusts, you transfer the operations master roles from lon-dc1.
Does this meet the goal?
正確答案: B