Identity with Windows Server 2016
Question No: 51
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)
The relevant users and client computer in the domain are configured as shown in the following table.
End of repeated scenario.
You are evaluating what will occur when you disable the Group Policy link for A6.
Which GPOs will apply to User2 when the user signs in to Computer1 after the link for A6 is disabled?
A1 and A5 only
A3, A1, and A5 only
A3, A1, A5, and A4 only
A3, A1, A5, and A7
Question No: 52
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: From Windows PowerShell on a domain controller, you run the Set- KdsConfiguration cmdlet.
Does this meet the goal?
Question No: 53
Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 and a domain controller named DC1. Both servers run Windows Server 2016. Server1 is used to perform administrative tasks, including managing Group Polices.
After maintenance is performed on DC1, you open a Group Policy object (GPO) from Server1 as shown in the exhibit.
You need to be able to view all of the Administrative Templates settings in GPO1. What should you do?
From File Explorer, copy the administrative templates from
\\contoso.com\SYSVOL\contoso.com\Policies to the PolicyDefinitions folder on Server1.
From File Explorer, delete
From File Explorer, delete the PolicyDefinitions folder from Server1.
From Group Policy Management, configure WMI Filtering for GPO1.
Question No: 54 DRAG DROP
Your company has multiple offices.
The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using DEFAULTIPSITELINK.
The company plans to open a new office. The new office will have a domain controller and 100 client computers.
You install Windows Server 2016 on a member server in the new office. The new server will become a domain controller.
You need to deploy the domain controller to the new office. The solution must ensure that the client computers in the new office will authenticate by using the local domain controller.
Which three actions should you perform next in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Question No: 55 HOTSPOT
Your network contains an Active Directory domain named contoso.com.
The domain contains the computers configured as shown in the following table.
The domain contains a user named User1.
A Group Policy object (GPO) named GPO1 is linked to the domain. GPO1 contains a user preference that is configured as shown in the Shortcut1 Properties exhibit.
Item-level targeting for the user preference is configured as shown in the Targeting exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, Select No.
NOTE: Each correct selection is worth one point.
Explanation: Yes gt; No gt; No
Question No: 56
Your network contains an Active Directory domain named contoso.com.
All the accounts of the users in the sales department are in an organizational unit (OU) named SalesOU.
An application named App1 is deployed to the user accounts in SalesOU by using a Group Policy object (GPO) named SalesGPO. You need to set the registry value of
\HKEY_CURRENT_USER\Software\App1\CoIlaboration to 0. Solution: You add a user preference that has an Update action. Does this meet the goal?
Question No: 57
Your company has an office in Montreal.
The network contains an Active Directory domain named contoso.com.
You have an organizational unit (OU) named Montreal that contains all of the users accounts for the users in the Montreal office. An office manager in the Montreal office knows each user personally.
You need to ensure that the office manager can provide the users with a new password if the users forget their password. What should you do?
From the Security settings of the Montreal OU, assign the office manager the Reset Password permission.
From the Security settings of each user account in the Montreal OU, assign the office manager the Change Password permission.
Create a Group Policy object (GPO) and link the GPO to the OU of the domain. Filter the GPO to the Montreal users. Assign the office manager the Apply Group Policy permission on the GPO. Configure the Password Policy settings of the GPO.
Create a Group Policy object (GPO) and link the GPO to the Montreal OU. Assign the office manager the Apply Group Policy permission on the GPO. Configure the Password Policy settings of the GPO.
Question No: 58 HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2, Server3, and Server 4 have the DHCP Server role installed. IPAM manages Server2, Server3, and Server4.
A domain user named User1 is a member of the groups shown in the following table.
Which actions can User1 perform? To answer, select the appropriate options in the answer area.
Box 1: Can be performed by User1
DHCP Administrators can create DHCP scopes. Box 2: Cannot be performed by User1
DHCP Users cannot create scopes. Box 3: Cannot be performed by User1 IPAM users cannot creates copes.
References: https://technet.microsoft.com/en- us/library/dn741281(v=ws.11).aspx#create_access_scope
Question No: 59 HOTSPOT
You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.
You plan to deploy Remote Desktop Gateway (RD Gateway) services. Clients will connect to the RD Gateway services by using various types of devices including Windows, iOS and Android devices.
You need to publish the RD Gateway services through the Web Application Proxy.
Which command should you run? To answer, select the appropriate options in the answer area.
Question No: 60 HOTSPOT
Your network contains an Active Directory forest named contoso.com.
Your company has a custom application named ERP1. ERP1 uses an Active Directory Lightweight Directory Services (AD LDS) server named Server1 to authenticate users.
You have a member server named Server2 that runs Windows Server 2016. You install the Active Directory Federation Services (AD FS) server role on Server2 and create an AD FS farm.
You need to configure AD FS to authenticate users from the AD LDS server.
Which cmdlets should you run? To answer, select the appropriate options in the answer area.
To configure your AD FSfarm to authenticate users from an LDAP directory, you can complete the following steps:
Step 1: New-AdfsLdapServerConnection
First, configure a connection to your LDAP directory using the New- AdfsLdapServerConnection cmdlet:
$DirectoryCred = Get-Credential
$vendorDirectory = New-AdfsLdapServerConnection -HostName dirserver -Port 50000-SslMode None -AuthenticationMethod Basic -Credential $DirectoryCred
Step 2 (optional):
Next, you can perform the optional step of mapping LDAP attributes to the existing AD FS claims using the New-AdfsLdapAttributeToClaimMapping cmdlet.
Step 3: Add-AdfsLocalClaimsProviderTrust
Finally, you must register the LDAP store with AD FS as a local claims provider trust using the Add-AdfsLocalClaimsProviderTrust cmdlet:
Add-AdfsLocalClaimsProviderTrust -Name ??endors??-Identifier ??rn:vendors??-Type L References: https://technet.microsoft.com/en-us/library/dn823754(v=ws.11).aspx
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|