Certification Exam Prep Questions For Identity with Windows Server 2016


QuickStart is now offering assessment questions for Identity with Windows Server 2016. Whether you are deciding which exam to sign up for, or simply want to practice the materials necessary to complete certification for this course, we have provided a practice assessment to better aid in certification. 100% of the questions are real questions; from a recent version of the test you will take forIdentity with Windows Server 2016.


Arrow
 

1

You are an administrator for an Active Directory Domain Services (AD DS) domain. You implement a Public Key Infrastructure (PKI) that includes an enterprise root certificate authority (CA) and multiple subordinate CAs as issuing CAs. You create a template that is replicated through AD. All subordinate CAs should be able to issue certificates based on that template. Domain users cannot request a certificate based on the new template. Users should receive the certificate automatically. You need to ensure that CAs can issue certificates based on the new template you created. What should you do?

2

You are an administrator for an Active Directory Domain Services (AD DS) domain. The domain's forest structure is shown in the exhibit. All domain controllers (DCs) run Windows Server 2012 R2 or Windows Server 2016. Both domain trees are part of the same DNS primary zone. Users in the sales.ops.companyl.com regularly have to log on at the resource.company2.com domain. Users complain about the amount of time required to complete authentication. You need to optimize authentication between the domains, while minimizing the security changes in your domain. What should you do?

3

The company.com forest is organized as shown in the exhibit. Each domain supports multiple geographic locations. Domain Controllers (DCs) run Windows Server 2016. Member servers run Windows Server 2012 R2 or Windows Server 2016. Clients run Windows 8.1 or Windows 10. The us.company.com domain is configured as two sites named USNorth and USSouth. Member computers and DCs in the us.company.com domain need different configuration settings applied during startup than member computers in the rest of the forest. You need to prevent configuration settings set through Group Policy in the company.com domain from applying in the us.company.com domain. You must minimize the effort necessary to implement and maintain the solution. You also must minimize changes to the infrastructure. What should you do?

4

You configure Group Policy objects (GPOs) for the company.com domain. A GPO named Assistants is linked to the operations organizational unit (OU). You assign a security group filter for the Assistants GPO as shown in the exhibit. All current security updates are applied to client computers. You need to determine the impact of the security setting on applying the GPO to computer and user objects in the Ops OU. How will the security filter impact the application of the OU?

5

You are an enterprise administrator for your company. All infrastructure servers run Windows Server 2016, and the network is organized as a single Active Directory domain. There are no plans for the company to migrate resources to the public cloud at this time. You plan to use Active Directory Federation Services (AD FS) and Web Application Proxy (WAP) to publish your on-premises SharePoint Server 2016 intranet site to select businesses located elsewhere in the world. In order to maintain compliance with corporate IT security policy, you need to enforce secure connections to the internal SharePoint server. What should you do?

6

You are an Active Directory Domain Services (AD DS) administrator for CompanyA. The network is organized as a single domain named companya.com. All domain controllers run Windows Server 2016. CompanyA purchases another business named CompanyB. The CompanyB network consists of a single Active Directory domain named companyb.com in which all domain controllers run Windows Server 2012 R2. CompanyB also owns an internal line-of-business application that integrates into the Active Directory schema. You need to design a migration plan to incorporate the companyb.com domain into the companya.com forest. Your solution must involve minimal disruption to the line-of-business application owned by Company B. What should you do?

7

You are editing a Group Policy administrative template that is used in the company.com domain. You want to limit the policy settings displayed to make it easier to find the ones you want to edit. You set the filter options to Managed and to a setting state of Enabled. You also specify a keyword filter to match a specified text string in policy comments. You need to determine how this will limit the policies displayed. Which policies will the filter include?

8

You are an administrator for the company.com domain. Domain controllers (DCs) and member servers run Windows Server 2012 R2 or Windows Server 2016. All domain clients run Windows 10. Your domain includes an Active Directory Federation Services (AD FS) farm. The farm includes two servers that run Windows Server 2016. You want to configure the AD FS infrastructure to authenticate users whose identities are stored in a Lightweight Directory Access Protocol (LDAP) v3-compliant directory. You run the New-AdfsLdapServerConnection PowerShell cmdlet to configure a connection with the LDAP directory. You then run the New-AdfsLdapAttributeToClaimMapping cmdlet to map LDAP attributes to existing claims. You need to finish configuring authentication requirements. Which cmdlet should you run?

9

Your network consists of a single Active Directory domain with Windows Server 2016 and Windows Server 2012 R2 domain controllers. Corporate desktop and laptop client systems run a mixture of Windows 10, Windows 8.1, and Windows 7. You need to engineer a configuration management solution that enforces power-related options on a fleet of Windows 7-based laptop computers. Your solution must meet the following technical requirements: * It should prevent users from modifying power settings. * It should not require a PowerShell engine update. * It should not involve additional licensing cost. What should you do?

10

You are an administrator for an Active Directory Domain Services (AD DS) domain. The Research organizational unit (OU) contains all users and computers for the Research and Development department in your company. Research is a child OU of the Departments OU. You need to give one user the ability to change passwords for users in the Research OU. You want to minimize any additional risks to domain security. What should you do?

11

You are an administrator for the company.com domain. Domain controllers (DCs) and member servers run Windows Server 2012 R2 or Windows Server 2016. All domain clients run Windows 10. Your domain includes an Active Directory Federation Services (AD FS) farm. The farm includes two servers that run Windows Server 2016. Your domain includes a Public Key Infrastructure (PKI) with enterprise certificate authorities. You need to configure AD FS to support Microsoft Passport authentication for on-premises devices. You configure device registration through AD FS and configure a Group Policy object (GPO) linked to the domain to support automatic registration for domain-joined devices and enable Microsoft Passport authentication. Which certificate should you enroll next?

12

You are an administrator for CompanyA. The network consists of a single Active Directory Domain Services (AD DS) domain named CompanyA.com. All domain controllers and member servers run Windows Server 2012 R2. You manage an Active Directory Federation Services (AD FS) farm that provides single sign-on (SSO) to several external line-of-business (LOB) web applications. You need to upgrade all infrastructure servers to Windows Server 2016 and upgrade the current AD FS farm as part of the process. What should you do first?

13

Your company has a single Active Directory Domain Services (AD DS) domain that contains two Windows Server 2016 domain controllers named DC1 and DC2. You log onto DC1 and move the jsmith user account from the Users container to an organizational unit (OU) named Contractors. At the same time, another administrator deletes the Contractors OU from DC2 without notifying you of the change. After Active Directory replication takes place, both the jsmith account and Contractors OU are missing. You need to retrieve the jsmith account as soon as possible, with minimal service disruption and the least administrative effort. What should you do?

14

You are an administrator for the company.com domain. You deploy an Active Directory Federation Services (AD FS) server named fs.company.com in the main network and a Web Application Proxy (WAP) server named wap.company.com in the perimeter network, as shown in the exhibit. Both servers run Windows Server 2016. You need to determine the ports that must be opened in the firewall facing the Internet to support required user communication with the WAP server. Which two ports need to be open in the firewall? Each correct answer presents part of the solution.

A. 53
Incorrect.
B. 5985
Incorrect.
C. 443
Correct!
D. 49443
Correct!
15

You configure a default instance of SQL Server 2016 on a company named SSERV.company.com. The computer runs Windows Server 2016. You need to specify a service account for SQL Server. The service account should not require you to enter a password and should enable the SQL Server service to access the network using the computer's security context. Which service account should you enter?

16

Your Active Directory Domain Services (AD DS) domain includes an Active Directory Certificate Services (AD CS) Public Key Infrastructure (PKI). You configure a certification authority (CA) to issue certificates from the companySC template. The certificates are used to configure smart cards for domain authentication. You need to enable a support engineer to request certificates on behalf of other users, while minimizing the impact on domain and CS security. What should you do?

17

Your network consists of a single Active Directory Domain Services (AD DS) domain. All infrastructure servers run Windows Server 2012 R2. You manage an Active Directory Federation Services (AD FS) farm that includes two federation servers and two web application proxy servers. You extend the Active Directory schema and upgrade the domain controller hosting the Primary Domain Controller (PDC) Emulator flexible single master operations (FSMO) role to Windows Server 2016. You then upgrade the remaining three servers to Windows Server 2016. You need to implement Azure Multi-Factor Authentication (MFA) as a primary authentication provider for the farm. Which command should you run first?

18

Your Active Directory Domain Services (AD DS) domain includes remote locations with unreliable communication links. You configure slow link detection and Group Policy Objects (GPOs) caching for the GPOs used in your domain. You need to determine what happens when a slow link to a remote location is detected. What will happen when a user connects over a slow link?

19

You are an administrator for the company.com domain. Your network is configured as a single domain with multiple geographic locations. The company is organized around four regions, referred to as North, South, East, and West. Employees often travel between regions, using their own laptops. Specific computer settings should be applied depending on where the user logs on. Dynamic IP address assignments are used in all locations. You create and configure the Group Policy objects (GPOs). You create organizational units (OUs) named North, South, East, and West. You need to ensure that the appropriate GPO settings are applied when a user logs on. You must minimize the administrative effort necessary to implement and maintain the solution and domain security requirements. What should you do?

20

Your Active Directory Domain Services (AD DS) domain includes an Active Directory Certification Services (AD CS) Public Key Infrastructure (PKI). You enable certificate autoenrollment through a Group Policy object (GPO) linked to the domain. You want to configure a certificate template to ensure that it supports automatic renewal without user interaction. You need to configure the minimum required rights for the Authenticated Users group in the certificate template. What are the two minimum required permissions?

A. Full Control
Incorrect.
B. Enroll
Correct!
C. Autoenroll
Incorrect.
D. Read
Correct!
21

Your corporate network is organized as a single Active Directory Domain Services (AD DS) domain, with all domain controllers and member servers running Windows Server 2016. The company has an Active Directory Certificate Services (AD CS) public key infrastructure (PKI) hierarchy that consists of a standalone offline root certification authority (CA) and five enterprise subordinate CAs. To comply with a recent regulatory compliance mandate that requires least service security, you need to implement administrative role separation for AD CS. What should you do?

22

You are an enterprise administrator for your organization. The corporate network employs a hybrid cloud scenario in which a site-to-site VPN links the on-premises network to Microsoft Azure. However, all user identities exist and are managed locally. All infrastructure servers run Windows Server 2016, and all client devices run Windows 10 Enterprise Edition. A recent data breach forced the company to reevaluate its security posture. You need to require all network users to provide a secondary authentication method in addition to their Active Directory domain password. The solution must minimize additional cost without sacrificing security. What should you do?

23

You are a domain administrator for your company. The IT department recently upgraded four domain controllers to Windows Server 2016. The remaining four domain controllers run Windows Server 2012 R2. The forest and domain functional levels are both set to Windows Server 2012 R2. You need to install a Windows Server 2016-based read-only domain controller (RODC) in a newly created branch office. Because the branch office exists in a location with limited network bandwidth, you need to perform the installation with minimal Active Directory replication with the main office. Which two actions should you perform? Each correct answer presents part of the solution.

24

Your network is organized as a single Active Directory domain. All infrastructure servers run Windows Server 2016. Your development staff is authoring an on-premises line-of-business (LOB) web application that uses Azure Active Directory (Azure AD) for authentication. You need to design a solution that allows your users single sign-on (SSO) to the LOB web application by using their domain credentials from inside or outside the network perimeter. Your solution must meet the following technical requirements: * Remote users should not have to use a virtual private networking (VPN) connection. * Changes to the on-premises environment must be minimized. Which service should you deploy or configure?

25

You are an administrator for an Active Directory Domain Services (AD DS) domain named company.com. You create several starter Group Policy objects (GPOs). You need to use the starter GPOs in a different forest. What should you do first?

26

Your network consists of a single domain in which domain controllers and member servers run either Windows Server 2016 or Windows Server 2012 R2. All domain workstations are domain members and run either Windows 8.1 or Windows 10. You need to implement a Certification Authority (CA) hierarchy. Your solution must meet the following technical requirements: * Adherence to Microsoft best practices and patterns for public key infrastructure (PKI) security. * Active Directory integration to support user and computer authentication for all domain users and computers. Which two actions should you perform? Each correct answer presents part of the solution

27

You manage a single Active Directory Domain Services (AD DS) domain named company.com. All domain controllers run Windows Server 2016. The corporate support desk receives multiple issues from Legal department employees whose accounts become locked due to a configuration error. You need to automate the unlocking of all Legal department employee Active Directory user accounts. You begin a new PowerShell script with the following line of code: Get-ADUser -Filter * -SearchBase OUrLegal,DC=Company,DCrcom' j What command should appear after the pipeline symbol?

28

You are an administrator for an Active Directory Domain Services (AD DS) domain named companyl.com. portion of your Organizational Unit (OU) structure is shown in the exhibit. The EComputers OU contains computer objects. The EUsers OU is empty. The Protect object from accidental deletion setting is disabled on each OU. You are preparing to reorganize your domain. Instead of organizing computer and user objects geographically, you want to organize them based on the company organizational chart. You will be creating and deleting several OUs as part of this process. You need to determine what will happen when you run the following: Dsrm -subtree OUrEurope,DCrcompany1.DCrcom What will happen when you execute the command?

PDP Url

Sample Question - Identity with Windows Server 2016


Self-Paced

Learning Style

Beginner

Difficulty

1 Hour

Course Duration

Certificate

See Sample

Buy Individually
About Individual Course:
  • Individual course plan gives you access to this course
$109.00
$109.00
/ Each

Outline

More Information

More Information
Lab Access No
Learning Style Self-Paced Learning
Difficulty Beginner
Course Duration 1 Hour
Language English

Reviews

Write Your Own Review
Only registered users can write reviews. Please Sign in or create an account

Contact A Learning Consultant


click here