70-742 Free Practice Test

Your network contains a signle-domin Active Directory forest named contoso.com. The forest functional level is Windows Server 2016. The forest has Dynamic Access Control enabled.
The domin contains two domain controllers named DC1 and DC2. Privileged user accounts used to manage Active Directory reside in a group named Contoso\AD_Admins.
You create an authentication policy named Policy1 and an authentication policy silo named Silo1.
You need to ensure that the accounts in the Contoso\AD-Admins group can sign in to the domain controllers only.
Which three configurations should you perform? Each correction answer presents part of the solution.

1. A. Create an access control condition in Policy1.
2. B. Create a managed service account and add the account to Permitted Accounts in Silo1.
3. C. Add the domain controllers to the Contoso\\AD_Admins group.
4. D. Add the privileged user accounts and the domain controllers to Permitted Accounts in Silo1.
5. E. Assign Silo1 to the privileged user accounts and the domain controllers.

Correct Answer: ADE

Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1. Server1 has several line-of-business applications. Each application runs as a service that uses the Network Service account. You need to configure the line-of-business applications to run by using a virtual account. What should you do?

1. A. From the Services console, modify the Log On properties of the services.
2. B. From the Microsoft Application Compatibility Toolkit (ACT), create a shim.
3. C. From Windows PowerShell, run the Install-ADScrviceAccount cmdlet.
4. D. From Windows PowerShell, run the New-ADServiccAccount cmdlet.

Correct Answer: A

Your network contains an Active Directory domain named contoso.com.
You plan to deploy a new Active Directory Rights Management Services (AD RMS) cluster on a server named Server1.
You need to create the AD RMS service account. The solution must use the principle of least privilege. What should you do?

1. A. Create a domain user account and add the account to the Administrators group on Server1.
2. B. Create a local user account on Server1 and add the account to the Administrators group on Server1.
3. C. Create a domain user account and add the account to the Domain Users group in the domain
4. D. Create a domain user account and add the account to the Account Operators group in the domain.

Correct Answer: A

Note: This question is part of a series of questions that use the same or similar answer choice. An answer choice may be correct for more than one question in the series. Each question is Independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2.
Your company hires 3 new security administrators to manage sensitive user data. You create a user account named Secunty1 for the security administrator.
You need to ensure that the password for Secunty1 has at least 12 characters and is modified every 10 days. The solution must apply to Security 1 only.
Which tool should you use?

1. A. Dsadd quota
2. B. Dsmod
3. C. Active Directory Administrative Center
4. D. Dsacis
5. E. Dsamain

Correct Answer: C
Using Fine-Grained Password Policies you specify multiple password policies in a single domain and apply different restrictions for password and account lockout policies to different sets of users in a domain. You can apply stricter settings to privileged accounts and less strict settings to the accounts of other users.To enable Fine-Grained Password Policies (FGPP), you need to open the Active Directory Administrative Center (ADAC)https://blogs.technet.microsoft.com/canitpro/2013/05/29/step-by-step-enabling-and-using-fine-grained-

Your network contains an Active Directory domain named contoso.com. The relevant objects in the domain are configured as shown in the following table.
<>> > > >>>< ><>>< >
Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A