2018 March New Microsoft 70-742 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 70-742 Real Exam Questions:

1.|2018 Latest 70-742 Exam Dumps (PDF & VCE) 115Q&As Download:

https://www.braindump2go.com/70-742.html

2.|2018 Latest 70-742 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNTHFSYmh4MkNta2M?usp=sharing

QUESTION 51
You have an enterprise certification authority (CA) named CA1.
You have a certificate template named UserAutoEnroll that is based on the User certificate template. Domain users are configured to autoenroll for UserAutoEnroll.
A user named User1 has an email address defined in Active Directory.
A user named User2 does not have an email address defined in Active Directory.
You discover that User1 was issued a certificate based on UserAutoEnroll template automatically. A request by user2 for a certificate based on the UserAutoEnroll template fails.
You need to ensure that all users can autoenroll for certificated based on the UserAutoEnroll template.
Which setting should you configure from the properties on the UserAutoEnroll certificate template?

A. Issuance Requirements
B. Request Handling
C. Cryptography
D. Subject Name

Answer: D

QUESTION 52
You are configuring AD FS. Which server should you deploy on your organization’s perimeter network?

A. Web appplication proxy
B. Relying-party server
C. Federation server
D. Claims-provider server

Answer: A

QUESTION 53
Which of the following CA types would you deploy if you wanted to deploy a CA at the top of a hierarchy that could issue signing certificates to other CAs and which would be taken offline if not issuing, renewing, or revoking signing certificates?

A. Enterprise root
B. Enterprise subordinate
C. Standalone root
D. Standalone subordinate

Answer: C

QUESTION 54
You need to ensure that clients will check at least every 30 minutes as to whether a certificate has been revoked. Which of the following should you configure to accomplish this goal?

A. Key recovery agent
B. CRL publication interval
C. Delta CRL publication interval
D. Certificate templates.

Answer: C

QUESTION 55
Your network contains an Active Directory forest named contoso.com.
Users frequently access the website of an external partner company.
The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?

A. Run dnscmd and specify the CacheLockingPercent parameter.
B. Run Set-DnsServerGlobalQueryBlockList.
C. Run ipconfig and specify the Renew parameter.
D. Run Set-DnsServerCache.

Answer: D

QUESTION 56
Your network contains an Active Directory domain named contoso.com.
Domain users use smart cards to sign in to their client computer.
Some users report that it takes a long time to sign in to their computer and that the logon attempt times out, so they must restart the sign in process.
You discover that the issues to checking the certificate revocation list (CRL) of the smart card certificates.
You need to resolve the issue without diminishing the security of the smart card logons.
What should you do?

A. From the properties of the smart card’s certificate template, modify the Request Handling settings.
B. From the properties of the smart card’s certificate template, modify the Issuance Requirements settings.
C. Deactivate certificate revocation checks on the computers.
D. Implement an Online Certification Status Protocol (OCSP) responder.

Answer: D

QUESTION 57
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: From Windows PowerShell on a domain controller, you run the Set-KdsConfiguration cmdlet.
Does this meet the goal?

A. Yes
B. No

Answer: B

QUESTION 58
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated Scenario
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.

Group 1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup. An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of [email protected].
End of repeated scenario
You need to ensure that Admin1 can convert Group1 to a global group.
What should you do?

A. Add Admin1 to the Enterprise Admin group.
B. Remove all the member from Group1.
C. Modify the Security settings of Group1.
D. Convert Group1 to a universal security group.

Answer: B

QUESTION 59
You have an Active Directory Rights Management Services (AD RMS) server named RMS1.
Multiple documents are protected by using RMS1.
RMS1 fails and cannot be recovered.
You install the AD RMS server role on a new server named RMS2.
You restore the AD RMS database from RMS1 to RMS2.
Users report that they fail to open the protected documents and to protect new documents.
You need to ensure that the users can access the protected content.
What should you do?

A. From Active Directory Rights Management, update the Service Connection Point (SCP) for RMS1.
B. From DNS, create an alias (CNAME) record for RMS2.
C. From DNS, modify the service location (SRV) record for RMS1.
D. From RMS2, register a service principal name (SPN) in Active Directory.

Answer: D

QUESTION 60
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com.
You recently deleted 5,000 objects from the Active Directory database.
You need to reduce the amount of disk space used to store the Active Directory database on a domain controller.

A. Dsadd quota
B. Dsmod
C. Active Directory Administrative Center
D. Dsacls
E. Domain
F. Active Directory Users and Computers
G. Ntdsutil
H. Group Policy Management Console

Answer: G

QUESTION 61
Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise certification authority (CA) named CA1.
You duplicate the Computer certificate template, and you name the template Cont_Computers.
You need to ensure that all of the certificates issued based on Cont_Computers have a key size of 4,096 bits.
What should you do?

A. From the properties of CA1, modify the Security settings.
B. From the properties of CA1, modify the Request Handling settings.
C. From the properties of the Computer template, modify the Key Attestation settings.
D. From the properties of Cont_Computers, modify the Cryptography settings.

Answer: C


!!!RECOMMEND!!!

1.|2018 Latest 70-742 Exam Dumps (PDF & VCE) 115Q&As Download:

https://www.braindump2go.com/70-742.html

2.|2018 Latest 70-742 Study Guide Video:

https://youtu.be/mWnjmghMeNM