DRAG DROP
-
Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.
You plan to deploy a read only domain controller (RODC) to a new datacenter on a server named Server1. A user named User1 is a member of the local Administrators group on Server1.
You need to recommend a deployment plan that meets the following requirements:
• Ensures that a user named User1 can perform the RODC installation on Server1
• Ensures that Server1 is in a new site named RemoteSite1
• Uses the principle of least privilege
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer :
Your network contains an Active Directory domain named contoso.com. The domain contains the computers shown in the following table.
On Server3, you create a Group Policy Object (GPO) named GPO1 and link GPO1 to contoso.com. GPO1 includes a shortcut preference named Shortcut1 that has item-level targeting configured as shown in the following exhibit.
To which computer will Shortcut1 be applied?
Answer : A
Your network contains a multi-site Active Directory Domain Services (AD DS) forest. Each Active Directory site is connected by using manually configured site links and automatically generated connections.
You need to minimize the latency for changes to Active Directory.
What should you do?
Answer : C
DRAG DROP
-
Your network contains two Active Directory Domain Services (AD DS) forests named contoso.com and fabrikam.com. Contoso.com contains three child domains named amer.contoso.com, apac.contoso.com, and emea.contoso.com. Fabrikam.com contains a child domain named apac.fabrikam.com. A bidirectional forest trust exists between contoso.com and fabrikam.com.
You need to provide users in the contoso.com forest with access to the resources in the fabrikam.com forest. The solution must meet the following requirements:
• Users in contoso.com must only be added directly to groups in the contoso.com forest.
• Permissions to access the resources in fabrikam.com must only be granted directly to groups in the fabrikam.com forest.
• The number of groups must be minimized.
Which type of groups should you use to organize the users and to assign permissions? To answer, drag the appropriate group types to the correct requirements. Each group may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer :
HOTSPOT
-
Your network contains two Active Directory forests and a domain trust as shown in the following exhibit.
The domain trust has the following configurations:
• Name: adatum.com
• Type: External
• Direction: One-way, outgoing
• Outgoing trust authentication level: Domain-wide authentication
The forests contain the users shown in the following table.
The forests contain the network shares shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer :
HOTSPOT
-
Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child named east.contoso.com and the servers shown in the following table.
You need to create a folder for the Central Store to manage Group Policy template files for the entire forest.
What should you name the folder, and on which server should you create the folder? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer :
HOTSPOT
-
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.
You need to configure DC3 to be the authoritative time server for the domain.
Which operations master role should you transfer to DC3, and which console should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer :
DRAG DROP
-
Your network contains an Active Directory domain named contoso.com. The domain contains group managed service accounts (gMSAs). You have a server named Server1 that runs Windows Server and is in a workgroup. Server1 hosts Windows containers.
You need to ensure that the Windows containers can authenticate to contoso.com.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer :
Your on-premises network contains an Active Directory domain named contoso.com. You have an Azure AD tenant.
You plan to sync contoso.com with the Azure AD tenant by using Azure AD Connect cloud sync.
You need to create an account that will be used by Azure AD Connect cloud sync.
Which type of account should you create?
Answer : B
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the domain controllers shown in the following table.
You need to ensure that if an attacker compromises the computer account of RODC1, the attacker cannot view the Employee-Number AD DS attribute.
Which partition should you modify?
Answer : D
HOTSPOT
-
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with an Azure AD tenant. The tenant contains a group named Group1 and the users shown in the following table.
Domain/OU filtering in Azure AD Connect is configured as shown in the Filtering exhibit. (Click the Filtering tab.)
You review the Azure AD Connect configurations as shown in the Configure exhibit. (Click the Configure tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer :
HOTSPOT
-
Your on-premises network contains an Active Directory Domain Services (AD DS) domain.
You plan to sync the domain with an Azure AD tenant by using Azure AD Connect cloud sync.
You need to meet the following requirements:
• Install the software required to sync the domain and Azure AD.
• Enable password hash synchronization.
What should you install, and what should you use to enable password hash synchronization? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer :
HOTSPOT
-
Your network contains two Active Directory Domain Services (AD DS) forests as shown in the following exhibit.
The forests contain the domain controllers shown in the following table.
You perform the following actions on DC1:
• Create a user named User1.
• Extend the schema with a new attribute named Attribute1.
To which domain controllers are User1 and Attribute1 replicated? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer :
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains the resources shown in the following table.
You plan to replicate a volume from Server1 to Server2 by using Storage Replica.
You need to configure Storage Replica.
Where should you install Windows Admin Center?
Answer : B
You have an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with Azure AD by using Azure AD Connect.
You enable password protection for contoso.com.
You need to prevent users from including the word contoso as part of their password.
What should you use?
Answer : D
Have any questions or issues ? Please dont hesitate to contact us