Certification Practice Test Sample Questions For Identity with Windows Server 2016 - (MS-20742).
QuickStart is now offering sample questions for Microsoft Windows Server 2016 (MS-20742). Whether you are deciding which exam to sign up for, or simply want to practice the materials necessary to complete certification for this course, we have provided a practice test to better aid in certification. 100% of the questions are real test questions from a recent version of the Microsoft Windows Server 2016 (MS-20742) exam.


Windows Server 2019 Administration (WS-011T00)
Enroll now today and get 30% off using discount code PRACTICE30 at checkout.
Identity with Windows Server 2016 - (MS-20742) Sample Exam Questions
An Active Directory Forest named contoso.com is contained by your network. There is an Active
Directory Rights management service (AD RMS) which is contain by the forest. With a company named
Fabrikam, inc your company establishes a partnership. Fabrikam networks contain an Active Directory
forest named fabrikam.com and an AD RMS deployment. Rights protected documents sent by the users
of Fabrikam.com should be access by the users in contoso.com. To ensure this consider the following
solution.
Solution: You configure contoso.com as a trusted publisher domain from AD RMS in fabrikam.com.
Is this the correct solution?
An Active Directory Forest named contoso.com is contained by your network. There is an Active
Directory Rights management service (AD RMS) which is contain by the forest. With a company named
Fabrikam, inc your company establishes a partnership. Fabrikam networks contain an Active Directory
forest named fabrikam.com and an AD RMS deployment. Rights protected documents sent by the users
of Fabrikam.com should be access by the users in contoso.com. To ensure this consider the following
solution.
Solution: You configure contoso.com as a trusted publisher domain from AD RMS in contoso.com.
Is this the correct solution?
An Active Directory Forest named contoso.com is contained by your network. There is an Active
Directory Rights management service (AD RMS) which is contain by the forest. With a company named
Fabrikam, inc your company establishes a partnership. Fabrikam networks contain an Active Directory
forest named fabrikam.com and an AD RMS deployment. Rights protected documents sent by the users
of Fabrikam.com should be access by the users in contoso.com. To ensure this consider the following
solution.
Solution: You configure contoso.com as a trusted user domain from AD RMS in fabrikam.com.
Is this the correct solution?
Note: Presenting same scenario, this question is the part of series of questions. There is a unique
solution that each question in the series contain that might meet the stated goal. There might be more
than one correct solution of some questions sets, while other not have a correct solution. In this section
after answering a question you will not be able to return to it. As a result, in the review screen these
question will not appear.
An Active Directory Forest named contoso.com is contained by your network. A member server name
Server1 contains by the forest that runs windows server 2016. All domain controllers run Windows
Server 2012 R2.
Contoso.com has the following configuration:
PS C:\> (Get-ADForest).ForestMode Windows2008R2Forest
PS C:\> (Get-ADDomain).DomainMode
Windows2008R2Domain
PS C:\>
You plan to configure device registration and deploy an Active Directory Federation Services (AD FS)
farm on Server1. To support the planned deployment you need to configure active directory.
Solution: From the windows server 2016 installation media you run adprep.exe. is this the correct
solution?
Note: Presenting same scenario, this question is the part of series of questions. There is a unique
solution that each question in the series contain that might meet the stated goal. There might be more
than one correct solution of some questions sets, while other not have a correct solution. In this section
after answering a question you will not be able to return to it. As a result, in the review screen these
question will not appear.
An Active Directory Forest named contoso.com is contained by your network. A member server name
Server1 contains by the forest that runs windows server 2016. All domain controllers run Windows
Server 2012 R2.
Contoso.com has the following configuration:
PS C:\> (Get-ADForest).ForestMode Windows2008R2Forest
PS C:\> (Get-ADDomain).DomainMode
Windows2008R2Domain
PS C:\>
You plan to configure device registration and deploy an Active Directory Federation Services (AD FS)
farm on Server1. To support the planned deployment you need to configure active directory.
Solution: to windows server 2016 you upgrade a domain controller. Is this the correct solution?
An Active Directory Forest named contoso.com is contained by your network. A member server name
Server1 contains by the forest that runs windows server 2016. All domain controllers run Windows
Server 2012 R2.
Contoso.com has the following configuration:
PS C:\> (Get-ADForest).ForestMode Windows2008R2Forest
PS C:\> (Get-ADDomain).DomainMode
Windows2008R2Domain
PS C:\>
You plan to configure device registration and deploy an Active Directory Federation Services (AD FS)
farm on Server1. To support the planned deployment you need to configure active directory.
Solution: to windows server 2012 R2 you raise the domain functional level. Is this the right solution?
An Active Directory Forest named contoso.com is contained by your network. A server named Server1
contains by the domain that runs Windows Server 2016. For server1 the computer account is in
organizational unit (OU) named OU1. A group policy object (GPO) named GPO1 is created and link GPO1
to OU1. To the local administration group on server you need to add a domain user named user1.
Solution: you run the Set-AdComputer cmdlet from the domain controller.
Is this the right solution?
An Active Directory Forest named contoso.com is contained by your network. . A server named Server1
contains by the domain that runs Windows Server 2016. For server1 the computer account is in
organizational unit (OU) named OU1. A group policy object (GPO) named GPO1 is created and link GPO1
to OU1. To the local administration group on server you need to add a domain user named user1.
Solution: you configure the Local Users and Groups preference from the computer configuration node of
GPO1.
Is this the right solution?
An Active Directory Forest named contoso.com is contained by your network. . A server named Server1
contains by the domain that runs Windows Server 2016.. For server1 the computer account is in
organizational unit (OU) named OU1. A group policy object (GPO) named GPO1 is created and link GPO1
to OU1. To the local administration group on server you need to add a domain user named user1.
Solution: you configure the Account Policies settings preference from the computer configuration node
of GPO1.
Is this the right solution?
An Active Directory Forest named contoso.com is contained by your network. The domain contains a
server named Server1. From server1 to an alternate location you recently restored a backup of the
Active Directory database. On server1 the active directory services is not interrupted by the restore
operation. By using lightweight directory protocol you need to make the Active Directory data in the
backup accessible.
Which tool should be chosen?
- A. Dsadd quota
-
Incorrect.
- B. Dsmod
-
Incorrect.
- C. Active Directory Administrative Center
-
Incorrect.
- D. Dsacls
-
Incorrect.
- E. Dsamain
-
Correct!
- F. Active Directory Users and Computers
-
Incorrect.
- G. Ntdsutil
-
Incorrect.
- H. Group Policy Management Console
-
Incorrect.
An Active Directory Forest named contoso.com is contained by your network. You need to limit the
object of Active Directory Domain Services (AD DS) that a user can create in the domain.
Which tool should be chosen?
- A. Dsadd quota
-
Correct!
- B. Dsmod
-
Incorrect.
- C. Active Directory Administrative Center
-
Incorrect.
- D. Dsacls
-
Incorrect.
- E. Dsamain
-
Incorrect.
- F. Active Directory Users and Computers
-
Incorrect.
- G. Ntdsutil
-
Incorrect.
- H. Group Policy Management Console
-
Incorrect.
An Active Directory Forest named contoso.com is contained by your network. Windows server 2012 R2
is the forest functional level. A deleted active directly object can be quickly recovered by a domain
administrator needs to be ensured.
Which tool should be chosen?
- A. Dsadd quota
-
Incorrect.
- B. Dsmod
-
Incorrect.
- C. Active Directory Administrative Center
-
Correct!
- D. Dsacls
-
Incorrect.
- E. Dsamain
-
Incorrect.
- F. Active Directory Users and Computers
-
Incorrect.
- G. Ntdsutil
-
Incorrect.
- H. Group Policy Management Console
-
Incorrect.
By using HTTPS you have users that access web application. On the server in the perimeter network web applications are located. Obtained from an enterprise root certification authority CA the servers uses certificates. By using a custom template named WebApp the certificates are generated. To active directory the certificate revocation list (CRL) is published. From the internet when the users attempt to access the web application, the users report that they received a revocation warning message in their web browser. When the users access the web application from the intranet they do not receive the message. When the users access the web application from internet they don’t not receive this message. To ensure this what should you do?
- A. On a server in the perimeter network install the Certificate Enrollment Web Service role service.
-
Incorrect.
- B. Modify the WebApps certificate template, and then issue the certificates used by the web application servers.
-
Incorrect.
- D. Modify the CRL distribution point, and then reissue the certificates used by the web application servers.
-
Incorrect.
An Active Directory Forest named contoso.com is contained by your network. An enterprise certification authority (CA) named CA1 is contain by the domain. Isolated physically from the corporate network and the internet you have a test environment. You duplicate the web server template on CA1, and you name the template Web_Cert_test. You need to request a certificate that does not contain the revocation information of CA1 for the web server. What should you do first?
- B. Select Restrict enrollment agents, and then add Web_Cert_Test to the restricted enrollment agent from the properties of CA1.
-
Incorrect.
- C. Assign the Enroll permission to the guest account from the properties of Web_Cert_Test.
-
Incorrect.
- D. Set the Compatibility setting of CA1 to Windows Server 2016 from the properties of Web_Cert_Test.
-
Correct!
An Active Directory Forest named contoso.com is contained by your network. A single domain is contain
by the forest. A server named Server1 is contain by the domain. As a standalone certificate authority
(CA) an administrator named admin01 plans to configure server1. To configure server1 as a standalone C
you need to identify to which group admin01 must be a member.
There must be the principle of least privilege used by the solution. To which group should Admin01 be
added?
- A. Administrators on Server1.
-
Correct!
- B. Domain Admins in contoso.com
-
Incorrect.
- C. Cert Publishers on Server1
-
Incorrect.
- D. Key Admins in contoso.com
-
Incorrect.
An Active Directory Forest named contoso.com is contained by your network. Several domains are
contained by the forest. On a server named server1. An administrator named admin01 installs windows
server 2016 and then join server1 to the contoso.com domain. As an enterprise certification root
authority (CA) admin01 plans to configure server1.
You need to ensure that Admin01 can configure Server1 as an enterprise C.
There must be the principle of least privilege used by the solution. To which group should Admin01 be
added?
- A. Server Operators in the contoso.com domain
-
Incorrect.
- B. Cert Publishers on Server1
-
Incorrect.
- C. Enterprise Key Admins in the contoso.com domain
-
Incorrect.
- D. Enterprise Admins in the contoso.com domain.
-
Correct!
An enterprise root certification authority (CA) named CA1 is contain by your network. For certificates
that will expire in one year multiple computers successfully enroll on the network. On a template named
Secure_computer certificates are based. Schema version 2 is used by the template. New certificates
based on Secure_computer must be valid for three years. To ensure this what should be done?
What should you do?
- D. For the root CA certificate modify the Validity period.
-
Incorrect.
A new enterprise certification authority (CA) named CA1 is deployed by you. Based on the User certificate template you plan to issue certificates. The issue certificate are valid for two years and support autoenrollment. To ensure this what should you do first?
- B. Duplicate the User certificate template.
-
Correct!
- C. To issue for CA1 add a new certificate template.
-
Incorrect.
- D. For the CA ,modify the Request Handling settings
-
Incorrect.
An active directory domain named contoso.com is contained by your network. 1000 desktop computers and 500 laptops are contained by the domain. For the desktop computers and the networks an organizational unit (OU) named OU1 contains the computer accounts. A windows PowerShell script named script1.ps1 is created by you that removes temporary files and cookies. A group policy object (GPO) named GPO1 is created by you and then GPO1 is linked to OU1. Only on the laptops once weekly you need to run the script. What should be done?
Tell Us About You:
- Home
- Practice Exam - Identity with Windows Server 2016
Practice Exam - Identity with Windows Server 2016
More Information:
- Learning Style: On Demand
- Learning Style: Practice Exam
- Difficulty: Beginner
- Course Duration: 1 Hour
- Course Info: Download PDF
- Certificate: See Sample
Contact a Learning Consultant
Need Training for 5 or More People?
Customized to your team's need:
- Annual Subscriptions
- Private Training
- Flexible Pricing
- Enterprise LMS
- Dedicated Customer Success Manager
Course Information