742

Home
Need Assignment Help?

Your network contains an AD forest named contoso.com. The forest contains an AD rights management services (AD RMS) deployment. Your company established a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an AD forest

NO

Your network contains an AD forest named contoso.com. The forest contains an AD rights management services (AD RMS) deployment. Your company established a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an AD forest

YES

Your network contains an AD forest named contoso.com. The forest contains an AD rights management services (AD RMS) deployment. Your company established a partnership with another company named Fabrikam, Inc. The network of Fabrikam contains an AD forest

NO

Your network contains an AD forest named contoso.com. The forest contains a member server named Server1 that runs server 2016. All domain controllers run Server 2012 R2. Contoso.com has the following confiugration:
PS C:\> (Get-ADForest).ForestMode Window

YES

our network contains an AD forest named contoso.com. The forest contains a member server named Server1 that runs server 2016. All domain controllers run Server 2012 R2. Contoso.com has the following confiugration:
PS C:\> (Get-ADForest).ForestMode Windows

YES

our network contains an AD forest named contoso.com. The forest contains a member server named Server1 that runs server 2016. All domain controllers run Server 2012 R2. Contoso.com has the following confiugration:
PS C:\> (Get-ADForest).ForestMode Windows

NO

Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in an OU named OU1. You create a GPO named GPO1 and link GPO1 to OU1. You need to add a dom

NO

Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in an OU named OU1. You create a GPO named GPO1 and link GPO1 to OU1. You need to add a dom

YES

Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in an OU named OU1. You create a GPO named GPO1 and link GPO1 to OU1. You need to add a dom

NO

Your network contains an AD domain named contoso.com. The domain contains a domain controller named Server1. You recently restored a backup of the AD database from Server1 to an alternate location. The restore operation does not interrupt the AD services

Dsamain

Your network contains an AD domain named contoso.com. You need to limit the number of Active Directory Domain Services (AD DS) objects that a user can create in the domain. Which tool should you use?

Dsadd quota

Your network contains an AD forest named contoso.com. The forest functional level is Server 2012 R2. You need to ensure that a domain administrator can recover a deleted AD object quickly. Which tool should you use?

Active Directory Administrative Center

You have user that access web applications by using HTTPS. The web applications are located on the servers in your perimeter network. The servers use certificates obtained from an enterprise root CA. The certificates are generated by using a custom templa

Modify the CRL distribution point, and then reissue the certificates used by the web applications servers.

Your network contains an AD domain named contoso.com. The domain contains an enterprise CA named CA1. You have a test environment that is isolated physically from the corporate network and the Internet. You deploy a web server to the test environment. On

From the properties of Web_Cert_Test, set the Compatibility setting of CA1 to Windows Server 2016

Your network contains an AD forest named contoso.com. The forest contains a single domain. The domain contains a server named Server1. An administrator named Admin01 plans to configure Server1 as a standalone CA. You need to identify to which group Admin0

Administrators on Server1

You network contains an AD forest named contoso.com The forest contains several domains. An administrator named Admin01 installs Server 2016 on a server named Server1 and then joins Server1 to the contoso.com domain. Admin01 plans to configure Server1 as

Enterprise Admins in the contoso.com domain

You network contains an enterprise root certification authority (CA) named CA1. Multiple computers on the network successfully enroll for certificates that will expire in one year. The certificates are based on a template named Secure_Computer. The templa

Modify the Validity period for the certificate template

You deploy a new enterprise certification authority (CA) named CA1. You plan to issue certificate based on the User certificate template. You need to ensure that the issued certificates are valid for two years and support autoenrollment. What should you d

Duplicate the User certificate template

Your network contains an AD forest named contoso.com. The forest contains three domains named contoso.com, corp.contoso.com, and ext.contoso.com. The forest contains three AD sites named Site1, Site2, and Site3. You have the three administrators as descri

Admin 1 and Admin3 only

Your notwork contains an AD domian named contoso.com. The domain contains a (GPO) named GPO1. You configure the Internet Settings preference in GPO1 as shown in the exhibit:
Home page: http://www.contoso.com
...
A user reports that the homepage of Interne

Edit the GPO1 preference and press F5

Your network contains an AD domain named contoso.com. The domain contains 1000 desktop computers and 500 laptops. An organizational unit (OU) named OU1 contains the computer accounts for the desktop computers and the laptops. You create a Windows PowerShe

In GPO1, create a Scheduled Tasks preference that uses item-level targeting

Your network contains an AD domain nmaed contoso.com. You have an OU named TesstOU that contains test computers. You need to enable a technician named Tech1 to create GPOs and link the GPOs to TestOU. The solution must use the principle of least privilege

Add Tech1 to the Group Policy Creator Owners group
From Group Policy Management, modify the Delegation settings of the TestOU OU

Your company recently deployed a new child domain to an AD forest. You discover that a user modified the Default Domain Policy to configure several Windows components in the child domain. A company policy states that the Default Domain Policy must be used

From a command prompt, run the dcgpofix.exe command

Your network contains an AD domain named contoso.com. You have an OU named OU1 that contains the computer accounts of two servers and the user account of an users named User1. A GPO named GPO1 is linked OU1. You have an application named App1 that install

Create a Config.zap file and add a software installation package to the User Configuration node of GPO1

Your network contains an AD domain named contoso.com. You open Group Policy Management as shown in the exhibit:
OU1
>A1
>A2
>OU2
Contents: Forest:Contoso.com
...
You discover that some of the settings in the A1 Group Policy object (GPO) fail to apply to t

Modify the policy processing order for OU1

Your network contains an AD domain named contoso.com. You have a GPO named GPO1. GPO1 is linked to an OU named OU1. GPO1 contains seveal corporate desktop restrictions that apply to all computers. You plan to deploy a printer to the computers in OU1. You

a computer preference that uses item-level targeting

Your network contains an AD domain named contoso.com. The domain contains 5000 user accounts. You have a GPO named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers OU. You need to use the applicat

From the Computer Configuration node of DomainPolicy, modify the Security Settings

Your network contains an AD domain named contoso.com. The domain contains 5000 user accounts. You have a GPO named Domain Policy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers OU. You need to configure the D

From the User Configuration node of DomainPolicy, modify Folder Redirection

Your network contains an AD domain named contoso.com. The domain contains 5000 user accounts. You have a GPO named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers OU. You need to force users to c

From the Computer Configuration node of DomainPolicy, modify Security Settings

You work for a company named Contoso, Ltd. The network contains an AD forst named contoso.com. A forest trust exists between contoso.com and an AD forst named adatum.com. The contoso.com forest contains the objects configured as shown:
.........
Group1 an

the Managed By settings of Group5

You work for a company named Contoso, Ltd. The network contains an AD forst named contoso.com. A forest trust exists between contoso.com and an AD forst named adatum.com. The contoso.com forest contains the objects configured as shown:
.........
Group1 an

Modify the group scope of Group3

Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPO for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co

A7 only

Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPO for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co

A3, A1, A5, and A4 only

Your network contains an AD forest named contoso.com. You have an AD FS farm. The farm contains a server named server1 that runs Server 2012 R2. You add a server named Server2 to the farm. Server2 runs Server 2016. You remove Server1 from the farm. You ne

Invoke-AdfsFarmBehaviorLevelRaise

Your network contains an AD forest named contoso.com. The forest contains a member server named Server1 that runs Server 2016. Server1 is located in the perimeter network. You install the AD FS server role on Server1. You create an AD FS farm by using a c

443
49443

You have a server named Server1 that runs Server 2016. You need to configure Server1 as a Web Application Proxy. Which server role or role service should you install on server1?

Remote Access

Your network contains an AD forest named contoso.com. Your company plans to hire 500 temporary employees for a project that will last 90 days. You create a new user account for each employee. An OU named Temp contains the user accounts for the employees.

Run the Get-ADUser cmdlet and pipe the output to the Set-ADUser cmdlet

Your network contains an AD forest the forest contains two domains named litwareinc.com and contoso.com. The contoso.com domain contains two domain controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is

From Active Directory Sites and Services, modify the NTDS Settings object of LON-DC-02

Your network contains an AD domain named contoso.com. The domain functional level is Server 2012 R2. You need to secure several high-privilege user accoutns to meet the following requirements: Prevent authentication by using NTLM. Use Kerberos to verify a

Add the user to the Protected Users group

Your network contains an AD forest named contoso.com. A partner company has a forest named fabrikam.com. Each forest contains one domain. You need to provide access for a group named Research in fabrikam.com to resources in contoso.com. The solution must

Create a one-way forest trust from contoso.com to fabrikam.com thta uses selective authentication.

You have an enterprise CA named CA1. You have a certificate template named UserAUtoEnroll that is based on the User certificate template. Domain users are configured to autoenroll for UserAutoEnroll. A user named User1 has an email address defined in AD.

Subject Name

You are configuring AD FS. Which server should you deploy on your organizations perimeter network?

Web application proxy

Which of the following CA types would you deploy if you wanted to deploy a CA at the top of a hierarchy that could issue signing certificates to other CAs and which would be taken offline if not issuing, renewing, or revoking signing certificates?

Standalone root

You need to ensure that clients will check at least every 30 minutes as to whether a certificate has been revoked. Which of the following should you configure to accomplish this goal?

Delta CRL publication interval

Your network contains an AD forest named contoso.com. Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com. The partner company informs you that is will perform maintenance on its Web ser

Run Set-DnsServerCache

Your network contains one AD domain named adatum.com. The domain contains a DNS server named server1 that runs Server 2016. All domain computers use Server1 for DNS. You sign adatum.com by using DNSSEC. You need to configure the domain computers to valida

Name Resolution Policy

Your network contains an AD domain named contoso.com. Domain users use smart cards to sign in to their client computer. Some users report that it takes a long time to sign in to their computer and that the logon attempt times out, so they must restart the

Implement an Online Certification Status Protocol (OCSP) responder

You deploy a new AD forest. You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
From Windows PowerShell on a domain controller, you run the Set-KdsConfiguration cmdlet. Does this meet the goal?

NO

You work for a company named Contoso, Ltd. The network contains an AD forst named contoso.com. A forest trust exists between contoso.com and an AD forst named adatum.com. The contoso.com forest contains the objects configured as shown:
.........
Group1 an

Remove all the members from Group1

You have an AD Right Management Services (AD RMS) server named RMS1. Multiple documents are protected by using RMS1. RMS1 fails and cannot be recoverd. You install the AD RMS server role on a new server named RMS2. You restore the AD RMS database from RMS

From RMS2, register a service principal name (SPN) in Active Directory

Your network contains an AD domain named contoso.com. You recently deleted 5000 objects from the AD database. You need to reduce the amount of disk space used to store the AD database on a domain controller. Which tool should you use?

Ntdsutil

Your network contains an AD domain named contoso.com. The domain contains an enterprise CA named CA1. You duplicate the Computer certificate template, and you name the template Cont_Computers. You need to ensure that all of the certificates issued based o

From the properties of Cont_Computers, modify the Cryptography settings

You have a server named Web1 that runs Server 2016. You need to list all the SSL certificates on Web1 that will expire during the next 60 days.
You run the following command. Get-ChildItem Cert:\LocalMachine\My |? {$_.NotAfter --It (Get-Date).AddDays( 60

YES

Your network contains an AD domain named contoso.com. The domain contains a user named User1 and an OU named OU1. You create a GPO named GPO1. You need to ensure that User1 can link GPO1 to OU1. What should you do?

Modify the security settings of OU1

You deploy a new AD forest. You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
You configure Kerberos constrained delegation on the computer account of each member server. Does this meet the goal?

NO

Your network contains an AD domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10. On Server1, you have the following zone configuration:
.....
You need to ensure that all of the client computers in

YES

Your network contains an AD domain named contoso.com. The domain contains an AD FS server named ADFS1, a Web Application Proxy server named WAP1, and a web server named Web1. You need to publish a website on Web1 by using the Web Application Proxy. Users

On ADFS1, enable an endpoint

Your network contains an AD domain named contoso.com. The domain contains five domain controllers. You have a branch office that has a local support technician named Tech1. Tech1 installs Windows Server 2016 on a server named RODC1 in a workgroup. You nee

Instruct Tech1 to run the Active Directory Domain Services Configuration Wizard
Create an RODC computer account by using Active Administrative Center
Intruct Tech1 to install the Active Directory Domain Services server role on RODC1

Your network contains an AD forest. The forest function level is Server 2016. You have a failover cluster named Cluster1. Cluster1 has two nodes named server1 and server2. All the optional features in AD are enabled. A junior administrator accidentally de

Recover a deleted object from the Active Directory Recycle Bin

Your network contains an AD domain named contoso.com. The domain functional level is Server 2012 R2. Your company hires a new security administrator to manage sensitive user data. You create a user account named Security1 for the security administrator. Y

Active Directory Administrative Center

Your network contains an AD domain. All client computers run windows 10. A client computer named computer1 was in storage for five months and was unused during that time. You attempt to sign in to the domain from Computer1 and receive an error message. Yo

Unjoin Computer1 from the domain, and the join the computer to the domain.

Your network contains an Ad domain. The domain contains 20 domain controllers. You discover that some GPOs are not being applied by all the domain controllers. You need to verify whether GPOs replicate successfully to all the domain controllers. What shou

From Group Policy Management, view the Status tab for the domain

Your company has a marketing department and a security department. The network contains an AD domain named contoso.com. The domain contains an enterprise CA. You hae two OUs named MKT_UsersOU and MKT_ComputersOU. MKT_UsersOU contains the user accounts for

From the User Configuration node of GPO1, configure the Certificate Services Client - Auto-enrollment settings

Your network contains an AD domain named contoso.com. The domain contains a domain controller named DC1 that run Server 2016. You need to create a snapshot of the AD database on DC1. Which tool should you use?

Ntdsutil

Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The Computer account for Server1 is in OU named OU1. You create a GPO named GPO1 and link GPO1 to OU1. You need to add a domain

YES

The network contains an AD forest named contoso.com. The forest contains three domain controllers configured as shown in the following table:
Server Name/Active Directory Site
Server1, Montreal
Server2, Montreal,
Server3, Seattle
The company physically re

From Windows PowerShell, run the Move-ADDirectoryServer cmdlet

You have an enterprise CA. You create a global security group named Group1. You need to provide members of Group1 with the ability to issue and manage certificates. The solution must prevent the Group1 member from managing certificates requested by member

From the CA properties, modify the security settings
From the CA properties, modify the Certificate Managers settings

Your network contains an AD domain named contoso.com. The domain contains a web application that uses Kerberos authentication . You change the domain name of the web application. You need to ensure that the service principal name (SPN) for the application

Dnscmd

Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. Server1 has IPAM installed. IPAM is configured to use the Group Policy based provisioning method. The prefix for the IPAM GPOs

Run the Set-IpamConfiguration cmdlet

Your network contains an AD domain named contoso.com. You need to create a central store for Group Policy administrative templates. What should you use?

File Explorer

You have a server named Web1 that runs server 2016. You need to list all the SSL certificates on Web1 tht will expire during the next 60 days.
You run the following command: Get-ChildItem Cert:\LocalMachine\Trust |? {$_.NotAfter It (Get-Date).AddDays(60 )

NO

Your network contains an AD domain named contoso.com. The domain contains a member server named Server1 and a domain controller named DC1. Both servers run Server 2016. Server1 is used to perform administrative task, including managing Group Policies. Aft

From File Explorer, delete \\contoso.com\SYSVOL\contoso.com\Policies\PolicyDefinitions

Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Server 2016. On Server1, you create a local user named User1. User1 is a member of the local Administrators group. Server1 has the following local G

NO

Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Server 2016. On Server1, you create a local user named User1. User1 is a member of the local Administrators group. Server1 has the following local G

NO

Your network contains an AD domain named contoso.com. All the accounts of the users in the sales department are in an OU named SalesOU. An application named App1 is deployed to the user accounts in SalesOU by using GPO named Sales GPO. You need to set the

NO

Your network contains an AD domain named contoso.com. All the accounts of the users in the sales department are in an OU named SalesOU. An application named App1 is deployed to the user accounts in SalesOU by using GPO named Sales GPO. You need to set the

YES

Your network contains an AD domain named contoso.com. All the accounts of the users in the sales department are in an OU named SalesOU. An application named App1 is deployed to the user accounts in SalesOU by using GPO named Sales GPO. You need to set the

YES

Your network contains an AD forest. The forest contains a domain named contoso.com. The domain contains three domain controllers. A domain controller named Ion-dc1 fails. You are unable to repair Ion-dc1. You need to prevent the other domain controllers f

YES

Your network contains an AD forest. The forest contains a domain named contoso.com. The domain contains three domain controllers. A domain controller named Ion-dc1 fails. You are unable to repair Ion-dc1. You need to prevent the other domain controllers f

NO

Your network contains an AD forest. The forest contains a domain named contoso.com. The domain contains three domain controllers. A domain controller named Ion-dc1 fails. You are unable to repair Ion-dc1. You need to prevent the other domain controllers f

YES

Your network contains an AD forest named contoso.com. The forest contains 10 domains. The root domain contains a global catalog server named DC1. You remove the global catalog server role from DC1. You need to decrease the size of the AD database on DC1.

NO

Your network contains an AD forest named contoso.com. The forest contains 10 domains. The root domain contains a global catalog server named DC1. You remove the global catalog server role from DC1. You need to decrease the size of the AD database on DC1.

NO

Your network contains an AD forest named contoso.com. The forest contains 10 domains. The root domain contains a global catalog server named DC1. You remove the global catalog server role from DC1. You need to decrease the size of the AD database on DC1.

NO

Your network contains an AD domain named contoso.com. The domain contains a user named User1, a group named Group1, and an OU named OU1. You need to enable user1 to link Group Policies to OU1.
From ADUC, you add User1 to the Group Policy Creator owners gr

NO

Your network contains an AD domain named contoso.com. The domain contains a user named User1, a group named Group1, and an OU named OU1. You need to enable user1 to link Group Policies to OU1.
From AD Administrative Center, you add User1 to Group1. From A

NO

Your network contains an AD domain named contoso.com. The domain contains a user named User1, a group named Group1, and an OU named OU1. You need to enable user1 to link Group Policies to OU1.
From AD Administrative Center, you add User1 to Group1. From G

NO

Your network contains an AD domain named contosos.com. You create a domain security group named Group1 and add several users to it. You need to force all of the users in Group1 to change their password every 35 days. The solution must affect the Group1 us

From Active Directory Administrative Center, create a Password Setting Object (PSO).

Your network contains an Active Directory domain named contoso.com. The domain contains a web application that uses Kerberos authentication. You change the domain named of the web application. You need to ensure that the service principal name (SPN) for t

Ldifde

Your network contains an AD forest. The forest contains two domains named litwarenc.com and contoso.com. The contoso.com domain contains two domain controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is

From the properties of the LON-DC02 computer account in Active Directory Users and Computers, modify the NTDS settings

Your network contains an AD domain named contoso.com. A Group Policy object (GPO) named GPO1 is linked to contoso.com. GPO1 has computer configuration policies, user configuration policies, and user preferences configured. You need to ensure that the user

Item-level targeting

Your network contains an AD domain named contoso.com. You discover that users can use passwords that contain only numbers. You need to ensure that all the user passwords in the domain contains at least three of the following types of characters:
Numbers
U

The Default Domain Policy

Your company has a main office and three branch offices. The network cotnains an AD domain named contoso.com. The main office contains three domain controllers. Each branch office contains one domain controller. You discover the new settings in the Defaul

From Group Policy Management, click Default Domain Policy under the Group Policy Objects container, and then open the Status tab.

Your network contains an AD domain named contoso.com. You need to create a central store for Group Policy administrative templates. What should you use?

File Explorer

Your company has a marketing department. The network contains an AD domain named contoso.com. The domain contains two top-level OUs named MKT_Comps and MKT_Users. MKT_Comps contains the computer accounts for the computers in the marketing department. MKT_

Computer Configuration/Preferences/Control Panel Settings/Network Options

Your network contains an AD domain. The domain contains an AD Rights Management Services (AD RMS) cluster and a CA. You need to ensure that all the documents that are protected by using AD RMS can be decrypted if the account used to encrypt the documents

Configure supers users in the AD RMS deployment

You have an internal web server that hosts websites. The websites use HTP and HTTPS. You deploy a Web Application Proxy to your perimeter network. You need to ensure that users from the Internet can access the websites by using HTTPS only. Internet access

From the Remote Access Management Console, publish the websites. Configure pass-through authentication and select Enable HTTP to HTTPS redirection
On external DNS name servers, create DNS entries that point to the public IP address of the Web Application

Your network contains an AD domain named contoso.coom. You plan to deploy a new AD RMS cluster on a server named Server1. You need to create the AD RMS service account. The solution must use the principle of least privilege. What should you do?

Create a domain user account and add the account to the Domain Users group in the domain

You use Application Request Routing (ARR) to make internal web applications available to the Internet by using NTLM authentication. You need to replace ARR by using the Web Application Proxy. Which server role should you deploy first?

Active Directory Federation Services

Your network contains an AD forest named contoso.com. The forest contains an enterprise root certification authority (CA) on a server that runs server 2016. You plan to create and issue a custom subordinate CA template. You need to prevent subordinate CAs

The Basic Constraints externsion

You are deploying a web application named WebApp1 to your internal network. WebApp is hosted on a server named Web1 that runs Server 2016. You eploy an AD FS infrastructure and a Web Application Proxy to provide access to WebApp1 for remote users. You nee

Publish WebApp1 by using pass-through preauthentication

Your netowrk contains an AD domain named contoso.com. The netowrk contains several IP subnets. One of the subnets uses a network ID of 192.168.10.0/24. You link a GPO named GPO1 to the domain. You need to map a drive to a specific file share on the comput

From the User Configuration node of GPO1, create a Group Policy preference that uses item-level targeting

You deploy a new certification authority (CA) to a server that runs Server 2016. You need to configure the CA to support recovery of certificates. What should you do first?

Configure the Key Recovery Agent templates as a certificate template to issue

Your network contains an AD domain named contoso.com. The domain has an enterprise CA. You duplicate the Basic EFS template, and you name the template Template1. You configure the CA to issue Template1. Users are configured to obtain a new certificate aut

The Security Settings for Template1

You have an enterprise CA named ContosoCA. Recovery agents are configured for ContosoCA. You duplicate the User certificate template and name it Cont_User. You plan to issue the certificates based on Cont_User to provide users with the ability to encrypt

Modify the Request Handling settings for Cont_User.

You have an offline root CA named CA1. CA1 is hosted on a VM. you only turn on CA1 when the CA must be patched or you must generate a key for subordinate CAs. You start CA1, and you discover that the filesystem is corrupted. You resolve the filesystem cor

Stop the Active Directory Certificate Services (AD CS) service

Your company has an office in Montreal. The network contains an AD domain named contoso.com. You have an OU named Montreal that contains all of the users accounts for the users in the Montreal office. An office manager in the Montreal office knows each pe

From the Security settings of the Montreal OU, assign the office manager the Reset Password permission

Your network contains an AD forest. The forest contains two domains two domains named contoso.com and fabrikam.com. The functional level of the forest and the domains in Server 2008 R2. You have a global group named Group1 an the contoso.com domain. Group

Modify the scope of Group1 to Universal

Your network contains an AD domain named contoso.com. You deploy a standalone root CA named CA1. You need to autoenroll domain computers for certificates by using a custom certificate template. What should you do first?

Install an enterprise subordinate CA

Your network contains an AD forest named contoso.com. All domain controllers run Server 2012 R2. You deploy a new server named Server1 that runs Server 2016. A server administrator named ServerAdmin01 is a member of the Domain users group. You add ServerA

Register a Service Connection Point (SCP)

Your network contains an AD forest named contoso.com. The domain contains an AD FS server named Server1. On a standalone server named Server2, you install and configure the Web Application Proxy. You have an internal web application named WebApp1. AD FS h

Remote Access Management on Server2

Your network contains an AD domain named contoso.com. All users are in an OU named Corp_Users. You plan to modify the description of all the users who have a string of 514 in their mobile phone number. You need to view a list of the users that will be mod

Get-ADUser-Filter "(mobilePhone-Like '
514
')

Your network contains an AD domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Server 2016. The computer accounts of Server1 and Server2 are in the Computers container. A GPO named GPO1 is linked to the domain. GP

The WMI filter settings

You network contains an AD domain. The domain contains a computer named Computer1 and an OU named TestOU. TestOU contains 10 computer accounts that are used for testing. A GPO named GPO1 is linked to TestOU. On Computer1, you modify the User Right Assignm

On Computer1 run the secedit.exe command and specify the /export parameter. Edit GPO1, and ten import a security template

Your network contains an AD domain. Users do not have administrative privileges to their client computer. You modify a computer setting in a GPO. You need to ensure that the setting is applied to five client computers as soon as possible. What should you

From the domain controller, run the Invoke-GPUpdate cmdlet

Your network contains an AD domain named contoso.com. You have three top-level OUs named OU1, OU2, and OU3. OU1 contains user accounts. OU2 contains the computer accounts for shared public computers. OU3 contains the computer accounts for laptops. You hav

Loopback processing

Your network contains two AD forests named fabrikam.com and contoso.com. Each forest contains a single domain. Contoso.com has a GPO named Cont_GPO1. You need to apply the settings from COnt_GPO1 to the computers in fabrikam.com. Which two actions should

Back up Cont_GPO1. In fabrikam.com, create and link a new GPO by using the Group Policy Management Console (GPMC), and then run the Import Setting Wizard
Back up Cont_GPO1. In fabrikam.com run the Import-GPO cmdlet, and then run the New-GPLink cmdlet

Your network contains a single-domain AD forest named contoso.com. The forest functional level is Server 2016. The forest has Dynamic Access Control enable. The domain contains two domain controllers named DC1 and DC2. Privileged user accounts used to man

Create an access control condition in Policy1
Add the privileged user accounts and the domain controllers to Permitted Accounts in Silo1
Assign Silo1 to the privilege user accounts and the domain controllers

Your network contains an AD forest named contoso.com. The forest contains a member server named Server1. Server1 has several line-of-business applications. Each application runs as a service that uses the Network Service account. You need to configure the

From the Services console, modify the Log On properties of the services

Your network contains an AD domain named contoso.com. The user account for a user named User1 is in an OU named OU1. You need to enable User1 to sign in as user1@adatum.com.
From Active Directory Domains and Trusts, you configure an alternative UPN suffix

YES

Your network contains an AD domain named contoso.com. The user account for a user named User1 is in an OU named OU1. You need to enable User1 to sign in as user1@adatum.com.
From Active Directory Users and Computers you set the E-mail property of User1 to

NO

Your network contains an AD domain. You have a user account that is a member of the Domain Admins group. You have 100 laptops that have a standard corporate image installed. The laptops are in workgroups and have random named. A technician named Tech1 is

YES

Your network contains an AD domain. You have a user account that is a member of the Domain Admins group. You have 100 laptops that have a standard corporate image installed. The laptops are in workgroups and have random named. A technician named Tech1 is

NO

Your network contains an AD domain named contoso.com. The domain contains a user named User1, a group named Group1, and an OU named OU1. You need to enable User1 to link Group Policies to OU1
From Active Directory Administrative Center, you add User1 to G

YES

Your network contains an AD forest. The forest contains a domain named contoso.com. The domain contains three domain controllers. A domain controller named Ion-dc1 fails. You are unable to repair Ion-dc1. You need to prevent the other domain controllers f

YES

Your network contains an AAD domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds the RID master operations role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
On DC2, yo uopen the com

YES

Your network contains an AD domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. Dc1 holds the RID master operations role. DC1 fails and cannot be repaired. Yo uneed to move the RID role to DC2.
On DC2, you open ADUC, cl

NO

Your network contains an AD domain named contoso.com. A user named User1 is in an OU named OU1. You are troubleshooting a folder access issue for User1. You are troubleshooting a folder access issue for User1. You need a list of groups to which User1 is e

NO

Your network contains an AD domain named contoso.com. A user named User1 is in an OU named OU1. You are troubleshooting a folder access issue for User1. You need a list of groups to which User1 is either a direct member or an indirect member.
You run Get-

NO

Your network contains an AD domain named contoso.com. A user named User1 is in an OU named OU1. You are troubleshooting a folder access issue for User1. You need a list of groups to which User1 is either a direct member or an indirect member.
You run dsge

YES

Your network contains an AD domain named contoso.com. The domain contains an enterprise root certification authority (CA) on a server that runs Server 2016. You need to configure the CA to support Online Certificate Status Protocol (OCSP) responders. Whic

Add a new certificate
Modify the Authority Information Access (AIA) of the CA

Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPO for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co

A7 only

Your network contains an AD domain named contoso.com. You have an application named App1 that is deployed to all the client computers in the domain. App1 writes a registry value named LocalStorage on all the client computers. You need to delete the Local

Configure a Group Policy preference that uses item-level targeting

You have a standalone root CA. You have a new security policy requirements specifying that any changes to the CA configuration must be logged. You need to ensure that the CA meets the new security requirement. Which two actions should you perform?

From Local Group Policy Editor, configure auditing for policy change
From Local Group Policy Editor, configure auditing for object access

Your company has multiple branch offices. The network contains an AD domain named contoso.com. In one of the branch offices, a new technician is hired to add computers to the domain. After successfully joining multiple computers to the domain, the technic

Modify the Security settings of the Computers container

Your create a user account that will be used as a template for new user accounts. Which setting will be copied when you copy the user account from ADUC?

the Department attribute

Your network contains an AD domain named contoso.com. The domain contains 5000 user accounts. You have a GPO named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers OU.
You need to ensure that the

From the User Configuration node of DCPolicy, modify Security Settings

Your network contains an AD domain named contoso.com. The domain contains 5000 user accounts. You have a GPO named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers OU.
You need to ensure that all

From the Computer Configuration node of DomainPolicy, modify Administrative Templates

Your network contains an AD domain named contoso.com. The domain contains a read-only domain controller (RODC) named RODC1. You need to retrieve a list of accounts that have their password cached on RODC1. Which command should you run?

repadmin.exe

Your network contains an AD domain named contoso.com. The domain contains a web application that uses Kerberos authentication. You change the domain name of the web application. You need to ensure that the service principal name (SPN) for the application

Setspn

You work for a comany named Contoso, ltd. The network contains an AD forest named contoso.com. A forest trust exists between contoso.com and an AD forest named adatum.com. The contoso.com forest contains the objects configured as shown:
...
Group1 and Gro

The contoso.com domain: Djoin.exe with the /provision parameter
Computer3: Djoin.exe with the /requestodj parameter

Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPO for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co

A3
A1
A5
A7
A6

Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPO for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co

A3
A1
A5
A6
A7

You have a server named Server1 that runs Serve 2016. Server1 has the Windows Application Proxy role service installed. You need to publish Microsoft Exchange ActiveSync services by using the Publish New Application Wizard. The ActiveSync services must us

Preauthentication method: Active Directory Federation Services (AD FS)
Preauthentication type: HTTP Basic

Your network contains an AD forest. The forest contains an AD FS deployment. The AD FS deployment contains the following:
An AD FS server named server1.contoso.com that runs Server 2016. A Web Application Proxy used to publish AD FS. A UPN that uses the c

Connect-MsolService
Set-MsolADFSContext -Computer server1.contoso.com
Convert-MsolDomainToFederated -DomainName contoso.com

You have a server named Server1 that runs Server 2016. Server1 has the Web Application Proxy role service installed. You are publishing an application named App1 that will use Integrated Windows Authentication as shown in the following graphic:
External U

configure the Backend server SPN
https://server02.contoso.com/publish/app1

Your network contains an AD forest. The forest contains one domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds all of the operations master roles. During normal network operations, you run the following comma

NO
YES
NO

Your network contains an AD domain named contoso.com. Some user accounts in the domain have the P.O. Box attribute set. You plan to remove the value of the P.O. Box attribute for all of the users using Ldifde. You have a user named User1 who is located in

dn: CN=User1, CN=Usres, DC=contoso, DC=com
changetype: modify

Your company has multiple office. The network contains an AD domain named contoso.com. An AD site exists for each office. All of the sites connect to each other by using DEFAULTIPSITELINK. The company plans to open a new office. The new office will have a

Create a new site object
Create a new subnet object
Promote the member server to a domain controller

You have a server named Server1 that runs Server 2016. Server1 has the Web Application Proxy role service installed. You publish an application named App1 by using the Web Application Proxy. You need to change the URL that users use to connect to App1 whe

Set-WebApplicationProxyApplication
-ExternalURL
Set-WebAPplicationProxyApplication -ID 874A4543-7983-77A3-1E6D-1163E7419AC1 ExternalURL http://SP.Contoso.com/

Your network contains an AD forest named contoso.com. The forest contains an AD FS farm. You install Server 2016 on a server named Server2. You need to configure Server2 as a node in the federation server farm. Which cmdlets should you run?

First cmdlet to run: Install-WindowsFeature
Second cmdlet to run: Install-AdfsFarm

Your network contains an AD domain named contoso.com. The domain contains a server named server1 that runs server 2016. You install IPAM on server1. You select the automatic provisioning method, and then you spceify a prefix of IPAM1. You need to configur

Invoke-IpamGpoProvisioning
-GpoPrefixName
Invoke-IpamGpoProvisioning -Domain "Contoso.com" -GpoPrefixName

Your network contains an AD domain named contoso.com. The domain contains a member server named Server1 that runs Server 2016. Server1 has IPAM installed. IPAM uses a Windows Internal Database. You install Microsoft SQL Server on Server1. You plan to move

NT AUTHORITY
NETWORK SERVICE

Your network contains an AD domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Server 2016. Server1 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed. Server2 has IPAM installed. You create

On Server1: Create a Run as Account that uses User1
On Server2: Add User1 to IPAM ASM Administrator Role

Your network contains an AD domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Server 2016. Server1 has IPAM installed. Server2 has Microsoft System Center 2016 VMM installed. You need to integrate IPAM and VMM. W

Server1: Access Policy
Server2: Network Service, Run As Account

Your network contains an AD domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016. Server1 has IPAM installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Serve

net localgroup
"Server1\IPAM MSM Administrators"
net localgroup "Server1\IPAM Administrators" User1 /add

You have a server named Server1 that runs Server 2016. Server1 has the Web Application Proxy role service installed. You plan to deploy Remote Desktop Gateway (RD Gateway) services. Clients will connect to the RD Gateway services by using various types of

Add-WebApplicationProxyApplication
ADFS

Your network contains an AD forest named contoso.com. Your company has a custom application named ERP1. ERP1 uses an Active Directory Lightweight Directory Services (AD LDS) server named Server1 to authenticate users. You have a member server named Server

First cmdlet to run: New-AdfsLdapServerConnection
Second cmdlet to run: Add-AdfsLocalClaimsProviderTrust

Your company has a testing environment that contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. Server1 has IPAM installed. IPAM has the following configuration:
....
The group policy configur

NO
NO
NO

Your network contains an AD domain named contoso.com. The domain contains a server named Server1 that runs Server 2016. You insall IPAM on Server1. You need to manually start discovery of servers that IPAM can manage in contoso.com. Which three cmdlets sh

Invoke-IpamServerProvisioning
Add-IpamDiscoverDomain
Start-ScheduledTask

Your network contains an AD domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016. Server1 has IPAM installed. Serve2 has the DHCP Server role installed. The IPAM serve retrieves data from Server2

NO
NO
YES

You have a server named Server1 that runs Serve 2016. Server1 has the Web Application Proxy role service installed. You need to publish Microsoft Exchange Server 2013 services through the Web Application Proxy. The solution must use preauthentication when

Exchange ActiveSync: Pass-Through
Outlook Web App: Active Directory Federation Services (AD FS)
Outlook Anywhere: Pass-Through

Your network contains an AD domain named contoso.com. The domain contains three servers named server1, server2, and server3 that run Server 2016. Server1 has IPAM installed. Server2 and Server3 have the DHCP Server role installed and have several DHCP sco

From Server Manager on Server1, User1 can modify the description of the DHCP scopes: On Server2 only
From Server Manger on Server1, User1 can create a new DHCP scope: On Server2 only

Your network contains an AD domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Server 2016. Server1 has IPAM installed. Server2, 3, and 4 have the DHCP server role installed. IPAM manages Serve

YES
NO
NO

Your network contains an AD domain named contoso.com. You need to view a list of all the domain user accounts that are enabled. But theres users that have not signed in during the last 30 days. Which command should you run?

Search-ADAccount
AccountInactive
Seatch-ADAccount AcountInactive -TimeSpan 30 -UserOnly |Format -Table Name, UserPrincipalName

Your network contains an AD domain named contoso.com. The domain contains an enterprise CA. A user named Admin1 is a member of the Domain Admins group. You need to ensure that you can archive keys on the CA. The solution must use Admin1 as a key recovery

From the Certification Authority console, add a certificate template to issue
From the Certificates Console, request a certificate
From the Certification Authority console, issue a pending request
From the Certification Authority console, add a Key Recove

Your network contains an AD domain named contoso.com. You have an administrative compter named Computer1 that runs Server 2016. From Computer1, you edit a GPO named GPO1 as shown in the exhibit:
.....
You receive a new administrative template named Templa

Copy Template1.admx to: \\Contoso.com\Sysvol\Contoso.com\Policies\PolicyDefinitions
Copy Template1.adml to: \\Contoso.com\Sysvol\Contoso.com\Policies\PolicyDefinitions\en-US

Your network contains an AD domain. The domain contains a domain controller named DC1 that runs server 2016. You start DC1 in Directory Services Restore Mode (DRSM). You need to compact the Active Directory database on DC1. Which three actions should you

Run ntdsutil.exe
Run active instance ntds.
From the Files context, run compact

Your company implement AD FS. You confirm that the comapny meets all the prerequisites for using Microsoft Azure Multi-Factor Authentication (MFA) and AD FS. You need to ensure that you can select MFA as the primary authentication method for AD FS. Which

Run the New-AdfsAzureMfatenant Certificate cmdlet
Run the New-MsolServicePrinicipal Credential cmdlet
Run the Set-AdfsAzureMfaTenant cmdlet

Your network contains an AD domain named contoso.com. The domain contains a domain controller named DC1. You create and link a GPO named SalesAppGPO to an OU named SalesOU. All the computer accounts are in the Computer container. All the user accounts of

On DC1, create a shared folder named SalesApp
Copy the Windows installer package to SalesApp
In GPO1, add a package to User, Configuration\Policies\Software Settings\Software installation

Your network contains an AD forest named contoso.com. You need to add a new domain named fabrikam.com to the forest. What command should you run?

Install-ADDSDomain
TreeDomain

Your network contains an AD forest. The forest contains two domain controllers named DC1 and DC2 that run Server 2016. DC1 holds all of the operations master roles. DC1 experiences a hardware failure. You plan to use an automated process that will create

Move-ADDirectoryServerOperationMasterRole
RIDMaster
-Force

Your network contains an AD domain named adatum.com. The domain contains the servers configured as shown in the following table:
.....
You have a server named Server6 in the perimeter network. Each server has the local users show in the following table:
.

Server4\
User1

Your network contains an AD domain named contoso.com. You open Group Policy Management as shown in the Group Policy management exhibit:
....
A user named User1 is in OU1. A computer named Computer2 is in OU2. The settings of GPO1 are configured as shown i

NO
YES
NO

Your network contains an AD domain named contoso.com. A user named User1 and a computer named Computer1 are in an OU named OU1. A user named User2 and a computer named Computer2 are in an OU named OU2. A GPO named GPO1 is linked to the domain. GPO1 contai

YES
YES
YES

Your network contains an AD forest named contoso.com. They connect to the forest by using Idp.exe and receive the output as shown in the following exhibit:
.....
1. The forest has __________ Active Directory partitions:
2. The minimum requirment for domai

three
Windows Server 2012

Your network contains an AD domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds the RID master operation role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
On DC2, you open Windows P

NO

Your network contains an AD domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds the RID master operation role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
On DC2, you open the comma

NO

Your network contains an AD forest. Some users report experience difficulties signing in to domain controllers. You suspect that the service location (SRV) records might be causing the issue. What are two possible commands that you can run to verify the S

dcdiag.exe/test:connectivity
dcdiag.exe/test:DnsRecordRegistration

Your company has multiple branch offices. The network contains an AD domain named contoso.com. In one of the branch offices, a new technician is hired to add computers to the domain. After successfully joining multiple computers to the domain, the technic

Run the Delegation of Control Wizard on the Computers container

You create a user account that will be used as a template for new user accounts. Which setting will be copied when you copy the user account from ADUC?

the Member of attribute

Your network contains an AD domain. The domain contains an OU named FileServerOU. A GPO named GPO1 is linked to FIleServerOU. FileServerOU contains all the file servers in the domain. You make an urgent security edit to GPO1. You need to ensure that all t

Right-click FileServersOU and click Group Policy Update

Your network contains two AD forests named fabrikam.com and contoso.comm. Each forest contains two sites. Each site contains two domain controllers. You need to configure all the domain controllers in both the forests as global catalog servers. Which snap

Active Directory Sites and Services

Your network contains an AD domain named adatum.com. The domain contains a security group named G_Research and an OU named OUResearch. All the use in the research department are members of G_Research and their user accounts are in OU_Research. You need to

From Active Directory Administrative Center, create a new Password Settings object (PSO)

Your network contains an AD domain named contoso.com. You need to create a central store for Group Policy administrative templates. What should you use?

File Explorer

Your network contains an AD domain named contoso.com. A user named User1 is in an OU named OU1. You are troubleshooting a folder access issue for User1. You need to list of groups to which User1 is either a direct member or an indirect member.
You instruc

YES

Your network contains an AD domain named contoso.com. A user named User1 is in an OU named OU1. You are troubleshooting a folder access issue for User1. You need to list of groups to which User1 is either a direct member or an indirect member.
From Window

NO

Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPO for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co

A1 and A7 only

Your network contains an AD domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1. The GPO for the domain are configured as shown:
>Domain Controllers
>OU1
>>A5
>>OU2
>>>A4
>>OU3
>>>A6
>>>OU4
>>>>A7
Forest: Co

A1, A5, A6, and A4

Your network contains an AD domain named contoso.com. The domain contains an administrative workstation named WKS1 that runs Windows 10. You have a GPO named GPO1. You download a custom administrative template that contains the following files:
-App1.admx

App1.adml: C:\Windows\PolicyDefinitions
App1.admx: C:\Windows\PolicyDefinitions\en-US

Your network contains an AD domain named contoso.com. The relevant objects in the domain are configured as shown in the following table:
....
You have the following configurations:
User1 is in OU1 and is a member of Group1 and Group2
User2 is in OU2 and i

YES
YES
YES

Your network contains an AD domain named contoso.com. The domain contains the computers configured as shown:
Client1, 172.16.0.5, 150 GB
Client2, 172.16.0.25, 50 GB
CLient3, 172.16.0.95, 200 GB
The domain contains a user named User1. A GPO named GPO1 is l

NO
NO
YES

Your network contains an AD domain named contoso.com. You need to create a central store for Group Policy administrative templates. What should you use?

Copy-item

Your network contains an AD forest. The forest contains two domain named litwarenc.com and contoso.com. The contoso.com domain contains two domain controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is a

From the properties of the LON-DC02 computer account in Active Directory Users and Computers, modify the NTDS settings

Your company has a main office and three branch offices. The network contains an Active Directory domain named contoso.com. The main office contains three domain controllers. Each branch office contains one domain controller. You discover the new settings

From a command prompt, run repadmin.exe