Your network contains an AD forest named contoso.com. The forest contains an AD rights management services (AD RMS) deployment. Your company established a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an AD forest
NO
Your network contains an AD forest named contoso.com. The forest contains an AD rights management services (AD RMS) deployment. Your company established a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an AD forest
YES
Your network contains an AD forest named contoso.com. The forest contains an AD rights management services (AD RMS) deployment. Your company established a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an AD forest
NO
Your network contains an AD forest named contoso.com. The forest contains a member server named Server1 that runs Server 2016. All domain controllers run Server 2012 R2. Contoso.com has the following configuration:
PS C:\> (Get-ADForest).ForestMode Window
YES
Your network contains an AD forest named contoso.com. The forest contains a member server named Server1 that runs Server 2016. All domain controllers run Server 2012 R2. Contoso.com has the following configuration:
PS C:\> (Get-ADForest).ForestMode Windows
YES
Your network contains an AD forest named contoso.com. The forest contains a member server named Server1 that runs Server 2016. All domain controllers run Server 2012 R2. Contoso.com has the following configuration:
PS C:\> (Get-ADForest).ForestMode Windows
NO
Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in an OU named OU1. You create a GPO named GPO1 and link GPO1 to OU1. You need to add a dom
NO
Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in an OU named OU1. You create a GPO named GPO1 and link GPO1 to OU1. You need to add a dom
YES
Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in an OU named OU1. You create a GPO named GPO1 and link GPO1 to OU1. You need to add a dom
NO
Your network contains an AD domain named contoso.com. The domain contains a domain controller named Server1. You recently restored a backup of the AD database from Server1 to an alternate location. The restore operation does not interrupt the AD services
Dsamain
Your network contains an AD domain named contoso.com. You need to limit the number of Active Directory Domain Services (AD DS) objects that a user can create in the domain. Which tool should you use?
Dsadd quota
Your network contains an AD forest named contoso.com. The forest functional level is Server 2012 R2. You need to ensure that a domain administrator can recover a deleted AD object quickly. Which tool should you use?
Active Directory Administrative Center
You have users that access web applications by using HTTPS. The web applications are located on the servers in your perimeter network. The servers use certificates obtained from an enterprise root CA. The certificates are generated by using a custom templa
Modify the CRL distribution point, and then reissue the certificates used by the web applications servers.
Your network contains an AD domain named contoso.com. The domain contains an enterprise CA named CA1. You have a test environment that is isolated physically from the corporate network and the Internet. You deploy a web server to the test environment. On
From the properties of Web_Cert_Test, set the Compatibility setting of CA1 to Windows Server 2016
Your network contains an AD forest named contoso.com. The forest contains a single domain. The domain contains a server named Server1. An administrator named Admin01 plans to configure Server1 as a standalone CA. You need to identify to which group Admin0
Administrators on Server1
Your network contains an AD forest named contoso.com. The forest contains several domains. An administrator named Admin01 installs Server 2016 on a server named Server1 and then joins Server1 to the contoso.com domain. Admin01 plans to configure Server1 as
Enterprise Admins in the contoso.com domain
Your network contains an enterprise root certification authority (CA) named CA1. Multiple computers on the network successfully enroll for certificates that will expire in one year. The certificates are based on a template named Secure_Computer. The templa
Modify the Validity period for the certificate template
You deploy a new enterprise certification authority (CA) named CA1. You plan to issue certificates based on the User certificate template. You need to ensure that the issued certificates are valid for two years and support autoenrollment. What should you d
Duplicate the User certificate template
Your network contains an AD forest named contoso.com. The forest contains three domains named contoso.com, corp.contoso.com, and ext.contoso.com. The forest contains three AD sites named Site1, Site2, and Site3. You have the three administrators as descri
Admin 1 and Admin3 only
Your network contains an AD domain named contoso.com. The domain contains a Group Policy object (GPO) named GPO1. You configure the Internet Settings preference in GPO1 as shown in the exhibit:
Home page: http://www.contoso.com
...
A user reports that the homepage of Interne
Edit the GPO1 preference and press F5
Your network contains an AD domain named contoso.com. The domain contains 1000 desktop computers and 500 laptops. An organizational unit (OU) named OU1 contains the computer accounts for the desktop computers and the laptops. You create a Windows PowerShe
In GPO1, create a Scheduled Tasks preference that uses item-level targeting
Your network contains an AD domain named contoso.com. You have an OU named TestOU that contains test computers. You need to enable a technician named Tech1 to create GPOs and link the GPOs to TestOU. The solution must use the principle of least privilege
Add Tech1 to the Group Policy Creator Owners group
From Group Policy Management, modify the Delegation settings of the TestOU OU
Your company recently deployed a new child domain to an AD forest. You discover that a user modified the Default Domain Policy to configure several Windows components in the child domain. A company policy states that the Default Domain Policy must be used
From a command prompt, run the dcgpofix.exe command
Your network contains an AD domain named contoso.com. You have an OU named OU1 that contains the computer accounts of two servers and the user account of a user named User1. A GPO named GPO1 is linked to OU1. You have an application named App1 that install
Create a Config.zap file and add a software installation package to the User Configuration node of GPO1
Your network contains an AD domain named contoso.com. You open Group Policy Management as shown in the exhibit:
OU1
>A1
>A2
>OU2
Contents: Forest:Contoso.com
...
You discover that some of the settings in the A1 Group Policy object (GPO) fail to apply to t
Modify the policy processing order for OU1
Your network contains an AD domain named contoso.com. You have a GPO named GPO1. GPO1 is linked to an OU named OU1. GPO1 contains several corporate desktop restrictions that apply to all computers. You plan to deploy a printer to the computers in OU1. You
a computer preference that uses item-level targeting
Your network contains an AD domain named contoso.com. The domain contains 5000 user accounts. You have a GPO named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers OU. You need to use the applicat
From the Computer Configuration node of DomainPolicy, modify the Security Settings
Your network contains an AD domain named contoso.com. The domain contains 5000 user accounts. You have a GPO named Domain Policy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers OU. You need to configure the D
From the User Configuration node of DomainPolicy, modify Folder Redirection
Your network contains an AD domain named contoso.com. The domain contains 5000 user accounts. You have a GPO named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers OU. You need to force users to c
From the Computer Configuration node of DomainPolicy, modify Security Settings
You work for a company named Contoso, Ltd. The network contains an AD forest named contoso.com. A forest trust exists between contoso.com and an AD forest named adatum.com. The contoso.com forest contains the objects configured as shown:
.........
Group1 an
the Managed By settings of Group5
You work for a company named Contoso, Ltd. The network contains an AD forest named contoso.com. A forest trust exists between contoso.com and an AD forest named adatum.com. The contoso.com forest contains the objects configured as shown:
.........
Group1 an
Modify the group scope of Group3
Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPOs for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co
A7 only
Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPOs for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co
A3, A1, A5, and A4 only
Your network contains an AD forest named contoso.com. You have an AD FS farm. The farm contains a server named server1 that runs Server 2012 R2. You add a server named Server2 to the farm. Server2 runs Server 2016. You remove Server1 from the farm. You ne
Invoke-AdfsFarmBehaviorLevelRaise
Your network contains an AD forest named contoso.com. The forest contains a member server named Server1 that runs Server 2016. Server1 is located in the perimeter network. You install the AD FS server role on Server1. You create an AD FS farm by using a c
443
49443
You have a server named Server1 that runs Server 2016. You need to configure Server1 as a Web Application Proxy. Which server role or role service should you install on server1?
Remote Access
Your network contains an AD forest named contoso.com. Your company plans to hire 500 temporary employees for a project that will last 90 days. You create a new user account for each employee. An OU named Temp contains the user accounts for the employees.
Run the Get-ADUser cmdlet and pipe the output to the Set-ADUser cmdlet
Your network contains an AD forest. The forest contains two domains named litwareinc.com and contoso.com. The contoso.com domain contains two domain controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is
From Active Directory Sites and Services, modify the NTDS Settings object of LON-DC-02
Your network contains an AD domain named contoso.com. The domain functional level is Server 2012 R2. You need to secure several high-privilege user accounts to meet the following requirements: Prevent authentication by using NTLM. Use Kerberos to verify a
Add the user to the Protected Users group
Your network contains an AD forest named contoso.com. A partner company has a forest named fabrikam.com. Each forest contains one domain. You need to provide access for a group named Research in fabrikam.com to resources in contoso.com. The solution must
Create a one-way forest trust from contoso.com to fabrikam.com that uses selective authentication.
You have an enterprise CA named CA1. You have a certificate template named UserAutoEnroll that is based on the User certificate template. Domain users are configured to autoenroll for UserAutoEnroll. A user named User1 has an email address defined in AD.
Subject Name
You are configuring AD FS. Which server should you deploy on your organization's perimeter network?
Web application proxy
Which of the following CA types would you deploy if you wanted to deploy a CA at the top of a hierarchy that could issue signing certificates to other CAs and which would be taken offline if not issuing, renewing, or revoking signing certificates?
Standalone root
You need to ensure that clients will check at least every 30 minutes as to whether a certificate has been revoked. Which of the following should you configure to accomplish this goal?
Delta CRL publication interval
Your network contains an AD forest named contoso.com. Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com. The partner company informs you that it will perform maintenance on its Web ser
Run Set-DnsServerCache
Your network contains one AD domain named adatum.com. The domain contains a DNS server named server1 that runs Server 2016. All domain computers use Server1 for DNS. You sign adatum.com by using DNSSEC. You need to configure the domain computers to valida
Name Resolution Policy
Your network contains an AD domain named contoso.com. Domain users use smart cards to sign in to their client computer. Some users report that it takes a long time to sign in to their computer and that the logon attempt times out, so they must restart the
Implement an Online Certification Status Protocol (OCSP) responder
You deploy a new AD forest. You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
From Windows PowerShell on a domain controller, you run the Set-KdsConfiguration cmdlet. Does this meet the goal?
NO
You work for a company named Contoso, Ltd. The network contains an AD forst named contoso.com. A forest trust exists between contoso.com and an AD forst named adatum.com. The contoso.com forest contains the objects configured as shown:
.........
Group1 an
Remove all the members from Group1
You have an AD Rights Management Services (AD RMS) server named RMS1. Multiple documents are protected by using RMS1. RMS1 fails and cannot be recovered. You install the AD RMS server role on a new server named RMS2. You restore the AD RMS database from RMS
From RMS2, register a service principal name (SPN) in Active Directory
Your network contains an AD domain named contoso.com. You recently deleted 5000 objects from the AD database. You need to reduce the amount of disk space used to store the AD database on a domain controller. Which tool should you use?
Ntdsutil
Your network contains an AD domain named contoso.com. The domain contains an enterprise CA named CA1. You duplicate the Computer certificate template, and you name the template Cont_Computers. You need to ensure that all of the certificates issued based o
From the properties of Cont_Computers, modify the Cryptography settings
You have a server named Web1 that runs Server 2016. You need to list all the SSL certificates on Web1 that will expire during the next 60 days.
You run the following command. Get-ChildItem Cert:\LocalMachine\My |? {$_.NotAfter -lt (Get-Date).AddDays( 60
YES
Your network contains an AD domain named contoso.com. The domain contains a user named User1 and an OU named OU1. You create a GPO named GPO1. You need to ensure that User1 can link GPO1 to OU1. What should you do?
Modify the security settings of OU1
You deploy a new AD forest. You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
You configure Kerberos constrained delegation on the computer account of each member server. Does this meet the goal?
NO
Your network contains an AD domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10. On Server1, you have the following zone configuration:
.....
You need to ensure that all of the client computers in
YES
Your network contains an AD domain named contoso.com. The domain contains an AD FS server named ADFS1, a Web Application Proxy server named WAP1, and a web server named Web1. You need to publish a website on Web1 by using the Web Application Proxy. Users
On ADFS1, enable an endpoint
Your network contains an AD domain named contoso.com. The domain contains five domain controllers. You have a branch office that has a local support technician named Tech1. Tech1 installs Windows Server 2016 on a server named RODC1 in a workgroup. You nee
Instruct Tech1 to run the Active Directory Domain Services Configuration Wizard
Create an RODC computer account by using Active Administrative Center
Instruct Tech1 to install the Active Directory Domain Services server role on RODC1
Your network contains an AD forest. The forest function level is Server 2016. You have a failover cluster named Cluster1. Cluster1 has two nodes named server1 and server2. All the optional features in AD are enabled. A junior administrator accidentally de
Recover a deleted object from the Active Directory Recycle Bin
Your network contains an AD domain named contoso.com. The domain functional level is Server 2012 R2. Your company hires a new security administrator to manage sensitive user data. You create a user account named Security1 for the security administrator. Y
Active Directory Administrative Center
Your network contains an AD domain. All client computers run Windows 10. A client computer named Computer1 was in storage for five months and was unused during that time. You attempt to sign in to the domain from Computer1 and receive an error message. Yo
Unjoin Computer1 from the domain, and then join the computer to the domain.
Your network contains an AD domain. The domain contains 20 domain controllers. You discover that some GPOs are not being applied by all the domain controllers. You need to verify whether GPOs replicate successfully to all the domain controllers. What shou
From Group Policy Management, view the Status tab for the domain
Your company has a marketing department and a security department. The network contains an AD domain named contoso.com. The domain contains an enterprise CA. You have two OUs named MKT_UsersOU and MKT_ComputersOU. MKT_UsersOU contains the user accounts for
From the User Configuration node of GPO1, configure the Certificate Services Client - Auto-enrollment settings
Your network contains an AD domain named contoso.com. The domain contains a domain controller named DC1 that runs Server 2016. You need to create a snapshot of the AD database on DC1. Which tool should you use?
Ntdsutil
Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in an OU named OU1. You create a GPO named GPO1 and link GPO1 to OU1. You need to add a domain
YES
The network contains an AD forest named contoso.com. The forest contains three domain controllers configured as shown in the following table:
Server Name/Active Directory Site
Server1, Montreal
Server2, Montreal
Server3, Seattle
The company physically re
From Windows PowerShell, run the Move-ADDirectoryServer cmdlet
You have an enterprise CA. You create a global security group named Group1. You need to provide members of Group1 with the ability to issue and manage certificates. The solution must prevent the Group1 member from managing certificates requested by member
From the CA properties, modify the security settings
From the CA properties, modify the Certificate Managers settings
Your network contains an AD domain named contoso.com. The domain contains a web application that uses Kerberos authentication. You change the domain name of the web application. You need to ensure that the service principal name (SPN) for the application
Dnscmd
Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. Server1 has IPAM installed. IPAM is configured to use the Group Policy based provisioning method. The prefix for the IPAM GPOs
Run the Set-IpamConfiguration cmdlet
Your network contains an AD domain named contoso.com. You need to create a central store for Group Policy administrative templates. What should you use?
File Explorer
You have a server named Web1 that runs Server 2016. You need to list all the SSL certificates on Web1 that will expire during the next 60 days.
You run the following command: Get-ChildItem Cert:\LocalMachine\Trust |? {$_.NotAfter -lt (Get-Date).AddDays(60 )
NO
Your network contains an AD domain named contoso.com. The domain contains a member server named Server1 and a domain controller named DC1. Both servers run Server 2016. Server1 is used to perform administrative tasks, including managing Group Policies. Aft
From File Explorer, delete \\contoso.com\SYSVOL\contoso.com\Policies\PolicyDefinitions
Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Server 2016. On Server1, you create a local user named User1. User1 is a member of the local Administrators group. Server1 has the following local G
NO
Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Server 2016. On Server1, you create a local user named User1. User1 is a member of the local Administrators group. Server1 has the following local G
NO
Your network contains an AD domain named contoso.com. All the accounts of the users in the sales department are in an OU named SalesOU. An application named App1 is deployed to the user accounts in SalesOU by using a GPO named Sales GPO. You need to set the
NO
Your network contains an AD domain named contoso.com. All the accounts of the users in the sales department are in an OU named SalesOU. An application named App1 is deployed to the user accounts in SalesOU by using a GPO named Sales GPO. You need to set the
YES
Your network contains an AD domain named contoso.com. All the accounts of the users in the sales department are in an OU named SalesOU. An application named App1 is deployed to the user accounts in SalesOU by using a GPO named Sales GPO. You need to set the
YES
Your network contains an AD forest. The forest contains a domain named contoso.com. The domain contains three domain controllers. A domain controller named Ion-dc1 fails. You are unable to repair Ion-dc1. You need to prevent the other domain controllers f
YES
Your network contains an AD forest. The forest contains a domain named contoso.com. The domain contains three domain controllers. A domain controller named Ion-dc1 fails. You are unable to repair Ion-dc1. You need to prevent the other domain controllers f
NO
Your network contains an AD forest. The forest contains a domain named contoso.com. The domain contains three domain controllers. A domain controller named Ion-dc1 fails. You are unable to repair Ion-dc1. You need to prevent the other domain controllers f
YES
Your network contains an AD forest named contoso.com. The forest contains 10 domains. The root domain contains a global catalog server named DC1. You remove the global catalog server role from DC1. You need to decrease the size of the AD database on DC1.
NO
Your network contains an AD forest named contoso.com. The forest contains 10 domains. The root domain contains a global catalog server named DC1. You remove the global catalog server role from DC1. You need to decrease the size of the AD database on DC1.
NO
Your network contains an AD forest named contoso.com. The forest contains 10 domains. The root domain contains a global catalog server named DC1. You remove the global catalog server role from DC1. You need to decrease the size of the AD database on DC1.
NO
Your network contains an AD domain named contoso.com. The domain contains a user named User1, a group named Group1, and an OU named OU1. You need to enable user1 to link Group Policies to OU1.
From ADUC, you add User1 to the Group Policy Creator owners gr
NO
Your network contains an AD domain named contoso.com. The domain contains a user named User1, a group named Group1, and an OU named OU1. You need to enable user1 to link Group Policies to OU1.
From AD Administrative Center, you add User1 to Group1. From A
NO
Your network contains an AD domain named contoso.com. The domain contains a user named User1, a group named Group1, and an OU named OU1. You need to enable user1 to link Group Policies to OU1.
From AD Administrative Center, you add User1 to Group1. From G
NO
Your network contains an AD domain named contoso.com. You create a domain security group named Group1 and add several users to it. You need to force all of the users in Group1 to change their password every 35 days. The solution must affect the Group1 us
From Active Directory Administrative Center, create a Password Setting Object (PSO).
Your network contains an Active Directory domain named contoso.com. The domain contains a web application that uses Kerberos authentication. You change the domain name of the web application. You need to ensure that the service principal name (SPN) for t
Ldifde
Your network contains an AD forest. The forest contains two domains named litwareinc.com and contoso.com. The contoso.com domain contains two domain controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is
From the properties of the LON-DC02 computer account in Active Directory Users and Computers, modify the NTDS settings
Your network contains an AD domain named contoso.com. A Group Policy object (GPO) named GPO1 is linked to contoso.com. GPO1 has computer configuration policies, user configuration policies, and user preferences configured. You need to ensure that the user
Item-level targeting
Your network contains an AD domain named contoso.com. You discover that users can use passwords that contain only numbers. You need to ensure that all the user passwords in the domain contain at least three of the following types of characters:
Numbers
U
The Default Domain Policy
Your company has a main office and three branch offices. The network contains an AD domain named contoso.com. The main office contains three domain controllers. Each branch office contains one domain controller. You discover the new settings in the Defaul
From Group Policy Management, click Default Domain Policy under the Group Policy Objects container, and then open the Status tab.
Your company has a marketing department. The network contains an AD domain named contoso.com. The domain contains two top-level OUs named MKT_Comps and MKT_Users. MKT_Comps contains the computer accounts for the computers in the marketing department. MKT_
Computer Configuration/Preferences/Control Panel Settings/Network Options
Your network contains an AD domain. The domain contains an AD Rights Management Services (AD RMS) cluster and a CA. You need to ensure that all the documents that are protected by using AD RMS can be decrypted if the account used to encrypt the documents
Configure super users in the AD RMS deployment
You have an internal web server that hosts websites. The websites use HTTP and HTTPS. You deploy a Web Application Proxy to your perimeter network. You need to ensure that users from the Internet can access the websites by using HTTPS only. Internet access
From the Remote Access Management Console, publish the websites. Configure pass-through authentication and select Enable HTTP to HTTPS redirection
On external DNS name servers, create DNS entries that point to the public IP address of the Web Application
Your network contains an AD domain named contoso.com. You plan to deploy a new AD RMS cluster on a server named Server1. You need to create the AD RMS service account. The solution must use the principle of least privilege. What should you do?
Create a domain user account and add the account to the Domain Users group in the domain
You use Application Request Routing (ARR) to make internal web applications available to the Internet by using NTLM authentication. You need to replace ARR by using the Web Application Proxy. Which server role should you deploy first?
Active Directory Federation Services
Your network contains an AD forest named contoso.com. The forest contains an enterprise root certification authority (CA) on a server that runs server 2016. You plan to create and issue a custom subordinate CA template. You need to prevent subordinate CAs
The Basic Constraints extension
You are deploying a web application named WebApp1 to your internal network. WebApp is hosted on a server named Web1 that runs Server 2016. You deploy an AD FS infrastructure and a Web Application Proxy to provide access to WebApp1 for remote users. You nee
Publish WebApp1 by using pass-through preauthentication
Your network contains an AD domain named contoso.com. The network contains several IP subnets. One of the subnets uses a network ID of 192.168.10.0/24. You link a GPO named GPO1 to the domain. You need to map a drive to a specific file share on the comput
From the User Configuration node of GPO1, create a Group Policy preference that uses item-level targeting
You deploy a new certification authority (CA) to a server that runs Server 2016. You need to configure the CA to support recovery of certificates. What should you do first?
Configure the Key Recovery Agent templates as a certificate template to issue
Your network contains an AD domain named contoso.com. The domain has an enterprise CA. You duplicate the Basic EFS template, and you name the template Template1. You configure the CA to issue Template1. Users are configured to obtain a new certificate aut
The Security Settings for Template1
You have an enterprise CA named ContosoCA. Recovery agents are configured for ContosoCA. You duplicate the User certificate template and name it Cont_User. You plan to issue the certificates based on Cont_User to provide users with the ability to encrypt
Modify the Request Handling settings for Cont_User.
You have an offline root CA named CA1. CA1 is hosted on a VM. You only turn on CA1 when the CA must be patched or you must generate a key for subordinate CAs. You start CA1, and you discover that the filesystem is corrupted. You resolve the filesystem cor
Stop the Active Directory Certificate Services (AD CS) service
Your company has an office in Montreal. The network contains an AD domain named contoso.com. You have an OU named Montreal that contains all of the user accounts for the users in the Montreal office. An office manager in the Montreal office knows each pe
From the Security settings of the Montreal OU, assign the office manager the Reset Password permission
Your network contains an AD forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest and the domains is Server 2008 R2. You have a global group named Group1 in the contoso.com domain. Group
Modify the scope of Group1 to Universal
Your network contains an AD domain named contoso.com. You deploy a standalone root CA named CA1. You need to autoenroll domain computers for certificates by using a custom certificate template. What should you do first?
Install an enterprise subordinate CA
Your network contains an AD forest named contoso.com. All domain controllers run Server 2012 R2. You deploy a new server named Server1 that runs Server 2016. A server administrator named ServerAdmin01 is a member of the Domain users group. You add ServerA
Register a Service Connection Point (SCP)
Your network contains an AD forest named contoso.com. The domain contains an AD FS server named Server1. On a standalone server named Server2, you install and configure the Web Application Proxy. You have an internal web application named WebApp1. AD FS h
Remote Access Management on Server2
Your network contains an AD domain named contoso.com. All users are in an OU named Corp_Users. You plan to modify the description of all the users who have a string of 514 in their mobile phone number. You need to view a list of the users that will be mod
Get-ADUser -Filter "(mobilePhone -Like '*514*')"
Your network contains an AD domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Server 2016. The computer accounts of Server1 and Server2 are in the Computers container. A GPO named GPO1 is linked to the domain. GP
The WMI filter settings
Your network contains an AD domain. The domain contains a computer named Computer1 and an OU named TestOU. TestOU contains 10 computer accounts that are used for testing. A GPO named GPO1 is linked to TestOU. On Computer1, you modify the User Right Assignm
On Computer1 run the secedit.exe command and specify the /export parameter. Edit GPO1, and then import a security template
Your network contains an AD domain. Users do not have administrative privileges to their client computer. You modify a computer setting in a GPO. You need to ensure that the setting is applied to five client computers as soon as possible. What should you
From the domain controller, run the Invoke-GPUpdate cmdlet
Your network contains an AD domain named contoso.com. You have three top-level OUs named OU1, OU2, and OU3. OU1 contains user accounts. OU2 contains the computer accounts for shared public computers. OU3 contains the computer accounts for laptops. You hav
Loopback processing
Your network contains two AD forests named fabrikam.com and contoso.com. Each forest contains a single domain. Contoso.com has a GPO named Cont_GPO1. You need to apply the settings from Cont_GPO1 to the computers in fabrikam.com. Which two actions should
Back up Cont_GPO1. In fabrikam.com, create and link a new GPO by using the Group Policy Management Console (GPMC), and then run the Import Settings Wizard
Back up Cont_GPO1. In fabrikam.com run the Import-GPO cmdlet, and then run the New-GPLink cmdlet
Your network contains a single-domain AD forest named contoso.com. The forest functional level is Server 2016. The forest has Dynamic Access Control enabled. The domain contains two domain controllers named DC1 and DC2. Privileged user accounts used to man
Create an access control condition in Policy1
Add the privileged user accounts and the domain controllers to Permitted Accounts in Silo1
Assign Silo1 to the privileged user accounts and the domain controllers
Your network contains an AD forest named contoso.com. The forest contains a member server named Server1. Server1 has several line-of-business applications. Each application runs as a service that uses the Network Service account. You need to configure the
From the Services console, modify the Log On properties of the services
Your network contains an AD domain named contoso.com. The user account for a user named User1 is in an OU named OU1. You need to enable User1 to sign in as user1@adatum.com.
From Active Directory Domains and Trusts, you configure an alternative UPN suffix
YES
Your network contains an AD domain named contoso.com. The user account for a user named User1 is in an OU named OU1. You need to enable User1 to sign in as user1@adatum.com.
From Active Directory Users and Computers you set the E-mail property of User1 to
NO
Your network contains an AD domain. You have a user account that is a member of the Domain Admins group. You have 100 laptops that have a standard corporate image installed. The laptops are in workgroups and have random names. A technician named Tech1 is
YES
Your network contains an AD domain. You have a user account that is a member of the Domain Admins group. You have 100 laptops that have a standard corporate image installed. The laptops are in workgroups and have random names. A technician named Tech1 is
NO
Your network contains an AD domain named contoso.com. The domain contains a user named User1, a group named Group1, and an OU named OU1. You need to enable User1 to link Group Policies to OU1
From Active Directory Administrative Center, you add User1 to G
YES
Your network contains an AD forest. The forest contains a domain named contoso.com. The domain contains three domain controllers. A domain controller named Ion-dc1 fails. You are unable to repair Ion-dc1. You need to prevent the other domain controllers f
YES
Your network contains an AD domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds the RID master operations role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
On DC2, you open the com
YES
Your network contains an AD domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds the RID master operations role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
On DC2, you open ADUC, cl
NO
Your network contains an AD domain named contoso.com. A user named User1 is in an OU named OU1. You are troubleshooting a folder access issue for User1. You need a list of groups to which User1 is e
NO
Your network contains an AD domain named contoso.com. A user named User1 is in an OU named OU1. You are troubleshooting a folder access issue for User1. You need a list of groups to which User1 is either a direct member or an indirect member.
You run Get-
NO
Your network contains an AD domain named contoso.com. A user named User1 is in an OU named OU1. You are troubleshooting a folder access issue for User1. You need a list of groups to which User1 is either a direct member or an indirect member.
You run dsge
YES
Your network contains an AD domain named contoso.com. The domain contains an enterprise root certification authority (CA) on a server that runs Server 2016. You need to configure the CA to support Online Certificate Status Protocol (OCSP) responders. Whic
Add a new certificate
Modify the Authority Information Access (AIA) of the CA
Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPOs for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co
A7 only
Your network contains an AD domain named contoso.com. You have an application named App1 that is deployed to all the client computers in the domain. App1 writes a registry value named LocalStorage on all the client computers. You need to delete the Local
Configure a Group Policy preference that uses item-level targeting
You have a standalone root CA. You have a new security policy requirement specifying that any changes to the CA configuration must be logged. You need to ensure that the CA meets the new security requirement. Which two actions should you perform?
From Local Group Policy Editor, configure auditing for policy change
From Local Group Policy Editor, configure auditing for object access
Your company has multiple branch offices. The network contains an AD domain named contoso.com. In one of the branch offices, a new technician is hired to add computers to the domain. After successfully joining multiple computers to the domain, the technic
Modify the Security settings of the Computers container
You create a user account that will be used as a template for new user accounts. Which setting will be copied when you copy the user account from ADUC?
the Department attribute
Your network contains an AD domain named contoso.com. The domain contains 5000 user accounts. You have a GPO named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers OU.
You need to ensure that the
From the User Configuration node of DCPolicy, modify Security Settings
Your network contains an AD domain named contoso.com. The domain contains 5000 user accounts. You have a GPO named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers OU.
You need to ensure that all
From the Computer Configuration node of DomainPolicy, modify Administrative Templates
Your network contains an AD domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1. You need to retrieve a list of accounts that have their password cached on RODC1. Which command should you run?
repadmin.exe
Your network contains an AD domain named contoso.com. The domain contains a web application that uses Kerberos authentication. You change the domain name of the web application. You need to ensure that the service principal name (SPN) for the application
Setspn
You work for a company named Contoso, Ltd. The network contains an AD forest named contoso.com. A forest trust exists between contoso.com and an AD forest named adatum.com. The contoso.com forest contains the objects configured as shown:
...
Group1 and Gro
The contoso.com domain: Djoin.exe with the /provision parameter
Computer3: Djoin.exe with the /requestodj parameter
Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPOs for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co
A3
A1
A5
A7
A6
Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPOs for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co
A3
A1
A5
A6
A7
You have a server named Server1 that runs Server 2016. Server1 has the Web Application Proxy role service installed. You need to publish Microsoft Exchange ActiveSync services by using the Publish New Application Wizard. The ActiveSync services must us
Preauthentication method: Active Directory Federation Services (AD FS)
Preauthentication type: HTTP Basic
Your network contains an AD forest. The forest contains an AD FS deployment. The AD FS deployment contains the following:
An AD FS server named server1.contoso.com that runs Server 2016. A Web Application Proxy used to publish AD FS. A UPN that uses the c
Connect-MsolService
Set-MsolADFSContext -Computer server1.contoso.com
Convert-MsolDomainToFederated -DomainName contoso.com
You have a server named Server1 that runs Server 2016. Server1 has the Web Application Proxy role service installed. You are publishing an application named App1 that will use Integrated Windows Authentication as shown in the following graphic:
External U
configure the Backend server SPN
https://server02.contoso.com/publish/app1
Your network contains an AD forest. The forest contains one domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds all of the operations master roles. During normal network operations, you run the following comma
NO
YES
NO
Your network contains an AD domain named contoso.com. Some user accounts in the domain have the P.O. Box attribute set. You plan to remove the value of the P.O. Box attribute for all of the users using Ldifde. You have a user named User1 who is located in
dn: CN=User1, CN=Users, DC=contoso, DC=com
changetype: modify
Your company has multiple offices. The network contains an AD domain named contoso.com. An AD site exists for each office. All of the sites connect to each other by using DEFAULTIPSITELINK. The company plans to open a new office. The new office will have a
Create a new site object
Create a new subnet object
Promote the member server to a domain controller
You have a server named Server1 that runs Server 2016. Server1 has the Web Application Proxy role service installed. You publish an application named App1 by using the Web Application Proxy. You need to change the URL that users use to connect to App1 whe
Set-WebApplicationProxyApplication
-ExternalURL
Set-WebApplicationProxyApplication -ID 874A4543-7983-77A3-1E6D-1163E7419AC1 -ExternalURL http://SP.Contoso.com/
Your network contains an AD forest named contoso.com. The forest contains an AD FS farm. You install Server 2016 on a server named Server2. You need to configure Server2 as a node in the federation server farm. Which cmdlets should you run?
First cmdlet to run: Install-WindowsFeature
Second cmdlet to run: Install-AdfsFarm
Your network contains an AD domain named contoso.com. The domain contains a server named server1 that runs server 2016. You install IPAM on server1. You select the automatic provisioning method, and then you specify a prefix of IPAM1. You need to configur
Invoke-IpamGpoProvisioning
-GpoPrefixName
Invoke-IpamGpoProvisioning -Domain "Contoso.com" -GpoPrefixName
Your network contains an AD domain named contoso.com. The domain contains a member server named Server1 that runs Server 2016. Server1 has IPAM installed. IPAM uses a Windows Internal Database. You install Microsoft SQL Server on Server1. You plan to move
NT AUTHORITY
NETWORK SERVICE
Your network contains an AD domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Server 2016. Server1 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed. Server2 has IPAM installed. You create
On Server1: Create a Run as Account that uses User1
On Server2: Add User1 to IPAM ASM Administrator Role
Your network contains an AD domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Server 2016. Server1 has IPAM installed. Server2 has Microsoft System Center 2016 VMM installed. You need to integrate IPAM and VMM. W
Server1: Access Policy
Server2: Network Service, Run As Account
Your network contains an AD domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016. Server1 has IPAM installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Serve
net localgroup
"Server1\IPAM MSM Administrators"
net localgroup "Server1\IPAM Administrators" User1 /add
You have a server named Server1 that runs Server 2016. Server1 has the Web Application Proxy role service installed. You plan to deploy Remote Desktop Gateway (RD Gateway) services. Clients will connect to the RD Gateway services by using various types of
Add-WebApplicationProxyApplication
ADFS
Your network contains an AD forest named contoso.com. Your company has a custom application named ERP1. ERP1 uses an Active Directory Lightweight Directory Services (AD LDS) server named Server1 to authenticate users. You have a member server named Server
First cmdlet to run: New-AdfsLdapServerConnection
Second cmdlet to run: Add-AdfsLocalClaimsProviderTrust
Your company has a testing environment that contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. Server1 has IPAM installed. IPAM has the following configuration:
....
The group policy configur
NO
NO
NO
Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Server 2016. You install IPAM on Server1. You need to manually start discovery of servers that IPAM can manage in contoso.com. Which three cmdlets sh
Invoke-IpamServerProvisioning
Add-IpamDiscoverDomain
Start-ScheduledTask
Your network contains an AD domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016. Server1 has IPAM installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2
NO
NO
YES
You have a server named Server1 that runs Server 2016. Server1 has the Web Application Proxy role service installed. You need to publish Microsoft Exchange Server 2013 services through the Web Application Proxy. The solution must use preauthentication when
Exchange ActiveSync: Pass-Through
Outlook Web App: Active Directory Federation Services (AD FS)
Outlook Anywhere: Pass-Through
Your network contains an AD domain named contoso.com. The domain contains three servers named server1, server2, and server3 that run Server 2016. Server1 has IPAM installed. Server2 and Server3 have the DHCP Server role installed and have several DHCP sco
From Server Manager on Server1, User1 can modify the description of the DHCP scopes: On Server2 only
From Server Manager on Server1, User1 can create a new DHCP scope: On Server2 only
Your network contains an AD domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Server 2016. Server1 has IPAM installed. Server2, 3, and 4 have the DHCP server role installed. IPAM manages Serve
YES
NO
NO
Your network contains an AD domain named contoso.com. You need to view a list of all the domain user accounts that are enabled but that have not signed in during the last 30 days. Which command should you run?
Search-ADAccount
AccountInactive
Search-ADAccount -AccountInactive -TimeSpan 30 -UsersOnly | Format-Table Name, UserPrincipalName
Your network contains an AD domain named contoso.com. The domain contains an enterprise CA. A user named Admin1 is a member of the Domain Admins group. You need to ensure that you can archive keys on the CA. The solution must use Admin1 as a key recovery
From the Certification Authority console, add a certificate template to issue
From the Certificates Console, request a certificate
From the Certification Authority console, issue a pending request
From the Certification Authority console, add a Key Recove
Your network contains an AD domain named contoso.com. You have an administrative computer named Computer1 that runs Server 2016. From Computer1, you edit a GPO named GPO1 as shown in the exhibit:
.....
You receive a new administrative template named Templa
Copy Template1.admx to: \\Contoso.com\Sysvol\Contoso.com\Policies\PolicyDefinitions
Copy Template1.adml to: \\Contoso.com\Sysvol\Contoso.com\Policies\PolicyDefinitions\en-US
Your network contains an AD domain. The domain contains a domain controller named DC1 that runs Server 2016. You start DC1 in Directory Services Restore Mode (DSRM). You need to compact the Active Directory database on DC1. Which three actions should you
Run ntdsutil.exe
Run activate instance ntds
From the Files context, run compact
Your company implements AD FS. You confirm that the company meets all the prerequisites for using Microsoft Azure Multi-Factor Authentication (MFA) and AD FS. You need to ensure that you can select MFA as the primary authentication method for AD FS. Which
Run the New-AdfsAzureMfaTenantCertificate cmdlet
Run the New-MsolServicePrincipalCredential cmdlet
Run the Set-AdfsAzureMfaTenant cmdlet
Your network contains an AD domain named contoso.com. The domain contains a domain controller named DC1. You create and link a GPO named SalesAppGPO to an OU named SalesOU. All the computer accounts are in the Computer container. All the user accounts of
On DC1, create a shared folder named SalesApp
Copy the Windows installer package to SalesApp
In GPO1, add a package to User Configuration\Policies\Software Settings\Software installation
Your network contains an AD forest named contoso.com. You need to add a new domain named fabrikam.com to the forest. What command should you run?
Install-ADDSDomain
TreeDomain
Your network contains an AD forest. The forest contains two domain controllers named DC1 and DC2 that run Server 2016. DC1 holds all of the operations master roles. DC1 experiences a hardware failure. You plan to use an automated process that will create
Move-ADDirectoryServerOperationMasterRole
RIDMaster
-Force
Your network contains an AD domain named adatum.com. The domain contains the servers configured as shown in the following table:
.....
You have a server named Server6 in the perimeter network. Each server has the local users shown in the following table:
.
Server4\
User1
Your network contains an AD domain named contoso.com. You open Group Policy Management as shown in the Group Policy management exhibit:
....
A user named User1 is in OU1. A computer named Computer2 is in OU2. The settings of GPO1 are configured as shown i
NO
YES
NO
Your network contains an AD domain named contoso.com. A user named User1 and a computer named Computer1 are in an OU named OU1. A user named User2 and a computer named Computer2 are in an OU named OU2. A GPO named GPO1 is linked to the domain. GPO1 contai
YES
YES
YES
Your network contains an AD forest named contoso.com. They connect to the forest by using Ldp.exe and receive the output as shown in the following exhibit:
.....
1. The forest has __________ Active Directory partitions:
2. The minimum requirement for domai
three
Windows Server 2012
Your network contains an AD domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds the RID master operation role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
On DC2, you open Windows P
NO
Your network contains an AD domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds the RID master operation role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
On DC2, you open the comma
NO
Your network contains an AD forest. Some users report experiencing difficulties signing in to domain controllers. You suspect that the service location (SRV) records might be causing the issue. What are two possible commands that you can run to verify the S
dcdiag.exe /test:connectivity
dcdiag.exe /test:DnsRecordRegistration
Your company has multiple branch offices. The network contains an AD domain named contoso.com. In one of the branch offices, a new technician is hired to add computers to the domain. After successfully joining multiple computers to the domain, the technic
Run the Delegation of Control Wizard on the Computers container
You create a user account that will be used as a template for new user accounts. Which setting will be copied when you copy the user account from ADUC?
the Member of attribute
Your network contains an AD domain. The domain contains an OU named FileServerOU. A GPO named GPO1 is linked to FileServerOU. FileServerOU contains all the file servers in the domain. You make an urgent security edit to GPO1. You need to ensure that all t
Right-click FileServersOU and click Group Policy Update
Your network contains two AD forests named fabrikam.com and contoso.com. Each forest contains two sites. Each site contains two domain controllers. You need to configure all the domain controllers in both the forests as global catalog servers. Which snap
Active Directory Sites and Services
Your network contains an AD domain named adatum.com. The domain contains a security group named G_Research and an OU named OUResearch. All the users in the research department are members of G_Research and their user accounts are in OU_Research. You need to
From Active Directory Administrative Center, create a new Password Settings object (PSO)
Your network contains an AD domain named contoso.com. You need to create a central store for Group Policy administrative templates. What should you use?
File Explorer
Your network contains an AD domain named contoso.com. A user named User1 is in an OU named OU1. You are troubleshooting a folder access issue for User1. You need a list of groups to which User1 is either a direct member or an indirect member.
You instruc
YES
Your network contains an AD domain named contoso.com. A user named User1 is in an OU named OU1. You are troubleshooting a folder access issue for User1. You need a list of groups to which User1 is either a direct member or an indirect member.
From Window
NO
Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPOs for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co
A1 and A7 only
Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPOs for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co
A1, A5, A6, and A4
Your network contains an AD domain named contoso.com. The domain contains an administrative workstation named WKS1 that runs Windows 10. You have a GPO named GPO1. You download a custom administrative template that contains the following files:
-App1.admx
App1.adml: C:\Windows\PolicyDefinitions
App1.admx: C:\Windows\PolicyDefinitions\en-US
Your network contains an AD domain named contoso.com. The relevant objects in the domain are configured as shown in the following table:
....
You have the following configurations:
User1 is in OU1 and is a member of Group1 and Group2
User2 is in OU2 and i
YES
YES
YES
Your network contains an AD domain named contoso.com. The domain contains the computers configured as shown:
Client1, 172.16.0.5, 150 GB
Client2, 172.16.0.25, 50 GB
Client3, 172.16.0.95, 200 GB
The domain contains a user named User1. A GPO named GPO1 is l
NO
NO
YES
Your network contains an AD domain named contoso.com. You need to create a central store for Group Policy administrative templates. What should you use?
Copy-item
Your network contains an AD forest. The forest contains two domains named litwarenc.com and contoso.com. The contoso.com domain contains two domain controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is a
From the properties of the LON-DC02 computer account in Active Directory Users and Computers, modify the NTDS settings
Your company has a main office and three branch offices. The network contains an Active Directory domain named contoso.com. The main office contains three domain controllers. Each branch office contains one domain controller. You discover the new settings
From a command prompt, run repadmin.exe