A Public Key Infrastructure (PKI) is implemented by an administrator for an Active Directory Domain Services (AD DS) domain. The PKI includes an enterprise root certificate authority (CA) and multiple subordinate CAs as issuing CAs. The administrator creates a template replicated by through Active Domain (AD). What should the administrator do if he wants subordinate CAs to automatically issue certificates, keeping in consideration that the certificates must be based on the new template?

You are working as an enterprise administrator in an organization. Windows Server 2016 is running on all infrastructure servers. The network is organized as a single Active Directory domain. At this moment, the organization is not planning to migrate resources to the public cloud. To select businesses in various locations across the world, you publish your on-premises SharePoint Server 2016 intranet site using Active Directory Federation Services (AD FS) and Web Application Proxy (WAP). You want to ensure secure connections to the internal SharePoint server since you have to maintain compliance with corporate IT security policy. Identify which of the following is the appropriate step to take in this situation.

You are working in OrganizationA as an Active Directory Domain Services (AD DS) administrator. A single domain named organizationa.com is where the network for this organization is set up. All domain controllers run Windows Server 2016. Your organization purchases another company named OrganizationB. The network for OrganizationB consists of a single Active Directory domain named organizationb.com in which all domain controllers run Windows Server 2012 R2. There is also an internal line-of-business application owned by OrganizationB. That application integrates into the Active Directory schema. If you want to design a migration plan that integrates organization.com domain into the organizationa.com forest, and you also have to make sure there is minimal disruption to the line-of-business application owned by OrganizatioB, which of the following steps best fulfills your need?

There is a domain called company.com. A Group Policy administrative template is used in this domain and you are editing the policy. You want to see limited policy settings so it becomes easier for your find those you want to edit or change. Filter options are set to Managed. Setting state is set to Enabled. To further narrow down the search, you put in a keyword in the filer to match a text string in the policy statement. These actions will limit the policies displayed, but can you identify which policies will the filter include when performed the actions mentioned above?

Company.com is a domain and you are an administrator for this domain. Both Domain controllers (DCs) and member servers run Windows Server 2016 or Windows Server 2012 R2. The clients using the domain run Windows 10. An Active Directory Federation Services (AD FS) farm is included in your domain and the farm includes two servers. Both the servers in that farm run Windows Server 2016. You want to authenticate users whose identities are stored in a Lightweight Directory Access Protocol (LDAP) v3-compliant directory by configuring the AD FS infrastructure. To configure a connection with the LDAP directory you run the New-AdfsLdapServerConnection PowerShell cmdlet. Then, to map LDAP attributes to existing claims, you run the New-AdfsLdapAttributeToClaimMapping cmdlet. Identify the cmdlet you should run in order to finish configuring authentication requirements.

You have a single Active Directory domain network with domain controllers running Windows Server 2016 and Windows Server 2012 R2. The clients are using desktop and laptop systems and running a mixture of Windows 7, Windows 8.1, and Windows 10. You are required to come up with a configuration management solution that enforces power-related options on a fleet of Windows 7-based laptop computers. Here are the technical requirements your solution is expected to meet: * users are not permitted to modify power settings. * No PowerShell engine update is required. * There should not be an additional licensing cost involved. What should be your next step to make sure these requirements are met?

You have an Active Directory Domain Services (AD DS) domain. You are the network administrator. There is a Research and Development department in your organization and the Research organizational unit (OU) contains all users and computers the department. There is a Departments OU and Research is a child OU of the Departments OU. Can you identify the action you will take to allow only one user the to change passwords for users in the Research OU keeping in mind the domain security must be avoided with any additional risks?

Organization.com is a company domain and you are an administrator for that domain. Windows Server 2012 R2 or Windows Server 2016 is run by Domain Controllers and Member servers. Clients using the domain clients are running Windows 10. There is an Active Directory Federation Services (AD FS) farm included in your domain and the farm includes two servers that run Windows Server 2016. A Public Key Infrastructure (PKI) is included with the domain. The PKI comes with enterprise certificate authorities. You are required to configure AD FS so you can support Microsoft Passport authentication for on-premises devices. Device registration is configured through AD FS and Group Policy object (GPO) linked to the domain is also configured. With this you want to support automatic registration for domain-joined devices and enable Microsoft Passport authentication. Which certificate should you enroll next?

OrganizationA has hired you as a network administrator. Organization’s network consists of a domain called organizationA.com. It is a single Active Directory Domain Services (AD DS) domain. Windows Server 2012 R2 is run by all domain controllers and member servers. As an administrator, you manage an Active Directory Federation Services (AD FS) farm. The AD FS provides single sign-on (SSO) to web applications that are several in number and external line-of-business (LOB) in nature. You are required to upgrade all infrastructure servers to Windows Server 2016 and as a part of the process upgrade the current AD FS farm. Choose an option as a step that you will do first considering the situation above.

In an organization, DC1 and DC2 are two Windows Server 2016 domain controllers (DC) with a single Active Directory Domain Services (AD DS) domain. You are an administrator in this organization and you log onto DC1. Upon logging on, you move the jdoe user account from the Users container to Contractors, that is, an organizational unit (OU). There is another administrator in your team. While you were busy here, he deletes the Contractors OU from DC2 and does not notify you of the change. Now when the Active Directory replication takes place, you notice both the jdoe account and Contractors OU are missing. You now want to retrieve the jdoe account but also don’t want to disrupt service or put in too much administrative effort. What will be your next step of action?

SSERV.company.com is a company domain on which you configure a default instance of SQL Server 2016. Windows Server 2016 is running on the computer. A service account that should not require a password needs to be specified for the SQL Server. The service account must also enable the SQL Server service to use the computer's security context to access the network. Can you identify the service account you would enter in this situation?

You have an Active Directory Domain Services (AD DS) domain. The domain includes an Active Directory Certificate Services (AD CS) Public Key Infrastructure (PKI). A certification authority (CA) is configured by you, and it uses companySC template to issue certificates. You configure smart cards using these certificates, and authenticate the domain using smart cards. Without compromising or hurting the domain and CS security, if you want to enable a support engineer to request certificates on behalf of other users, which of the following steps would you take?

You have a network that consists of a single Active Directory Domain Services (AD DS) domain. Windows Server 2012 R2 is running on all infrastructure servers. There is an Active Directory Federation Services (AD FS) farm that you are managing, and it includes two web application proxy servers and two federation servers. The Active Directory schema is extended by you and the domain controller is upgraded to Windows Server 2016. The domain controller was hosting the Primary Domain Controller (PDC) Emulator flexible single master operations (FSMO) role. Once done, you upgrade the remaining three servers to Windows Server 2016. If you want to implement Azure Multi-Factor Authentication (MFA) for the farm, and you want it to be the primary authentication provider for the farm, identify the command you should run first?

Remote locations with weak and unreliable communication links are present in your Active Directory Domain Services (AD DS) domain. You configure two things in the domain. Slow link detection and Group Policy Objects (GPOs) caching for the GPOs used in your domain. You want to know what happens when a slow link to a remote location is detected. Can you identify What happens when a user connects over a slow link?

There is a domain called organization.com, and you are an administrator for it. It is a single domain with multiple geographic locations and your network is configured on it. There are four regions the company is organized around. These are North, South, East and West, with employees travelling frequently between regions. All employees use their own laptops while travelling. The computer setting on each laptop must be applied as per the location they are visiting and at all locations, dynamic IP address are assigned. Organizational Units named as per the regions are created and the Group Policy objects is also created and configured. As an administrator, you want appropriate GPO settings applied as a user logs on in a particular location. What would be your next step if you aim to to minimize the administrative effort required to implement and maintain the solution and domain security requirements?

You have an Active Directory Domain Services (AD DS) domain. An Active Directory Certification Services (AD CS) Public Key Infrastructure (PKI) is included in the domain. Using a Group Policy object (GPO) that is linked to the domain, you have enabled autoenrollment. Now you have to configure a certificate template that supports autorenewal and does it without requiring the user to interact. There is an Authenticated Users group in the certificate template, and minimum required rights need to be configured for that AU group. Can you identify the two such rights/permissions?

You are working in a company and it has a network organized as a single Active Directory Domain Services (AD DS) domain. Windows Server 2016 is being run on all domain controllers and member services. There is an Active Directory Certificate Services (AD CS) public key infrastructure (PKI) hierarchy. The hierarchy has one standalone offline root certification authority (CA). The hierarchy also contains five subordinate certification authorities. You are required to implement administrative role separation for AD CS to comply with a recent regulatory compliance mandate that requires least service security. What is the appropriate step of action?

You are working in an organization as an enterprise administrator. A hybrid cloud scenario is employed by the network in your organization. The on-premises network is connected to Microsoft Azure via site-to-site VPN. User identities, however, are being managed locally. Windows Server 2016 is being run on the infrastructure servers, and Windows 10 Enterprise edition is used on all client devices. The company witnesses a data breach, and because of that the security posture of the company is being reevaluated. All network users are required by you to provide a secondary authentication method, along with their AD domain password, and at the same time your solution must avoid additional costs without compromising security. Identify the action you will take.

You are working in a company as a domain administrator. Recently, four domain controllers are ungraded to Windows Server 2016, while on the other four DCs, Window Server 2012 R2 is running. Functional levels for forest and domain are both set to Windows Server 2012 R2. There is new branch office where you are required to install a Windows Server 2016-based read-only domain controller (RODC). There is a challenge here, as the new branch office location offers limited network bandwidth, because of which installation must be performed with minimal Active Directory replication with the head office. Choose two actions most suitable to perform in this situation. (opt any two).

You work for an organization with a network having a single Active Directory domain with Windows Server 2016 running on all infrastructures. There is an on-premises web application that is a line-of-business app. The application uses Azure Active Directory (Azure AD) for authentication. You are required to provide a solution which lets users of the LOB application use single sign-on using their domain credentials without getting bound to the network parameter. Here are the technical requirements your solution must have: - No need for remote users to use a VPN - Minimum changes to the on-premises environment Identify the service you should deploy.

There is an Active Directory Domain Services (AD DS) domain named organization.com. You are a network administrator creating several starter Group Policy objects (GPOs). What should you do if you need to use the starter GPOs in a different forest?

You work for a company that user a single domain. Windows Server 2016 or Windows Server 2012 R2 are run by the domain controllers and member services in this domain. The domain members are the domain workstations. Windows 8.1 or Windows 10 are run by these domain workstations. You need to implement a Certification Authority (CA) hierarchy. Following are the technical requirements you need to keep in mind while implementing a Certification Authority (CA) hierarchy: -While implementing public key infrastructure (PKI) security, it should be aligned with Microsoft best practices and patterns. -Active Directory integration to support user and computer authentication for all domain users and computers. Identify two options you think are appropriate to perform. (opt any two)

There is a single Active Directory Domain Services (AD DS) domain named organization.com. Windows Server 2016 is run on all domain controllers. Employees from the legal department approach the corporate desk support informing that their accounts are getting locked, reason being a configuration error. As a solution, you want to automate process that unlocks Active Directory user accounts of all Legal department employee. Here is the line of code you begin a new PowerShell script with: Get-ADUser -Filter * -SearchBase OUrLegal,DC=Company,DCrcom' j Can you identify the command that should appear after the pipeline symbol?