Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
We offers . "Identity with Windows Server 2021", also known as 70-742 exam, is a Microsoft Certification. This set of posts, Passing the 70-742 exam with , will help you answer those questions. The covers all the knowledge points of the real exam. 100% real and revised by experts!
Online 70-742 free questions and answers of New Version:
NEW QUESTION 1
Your network contains an Active Directory domain named contoso.com. The domain contains an Active Directory Federation Services {AD FS) server named Server1.
On a standalone server named Server2, you install and configure the Web Application Proxy.
You have an internal web application named WebApp1. AD FS has a relying party trust for WebApp1. You need to provide external users with access to WebApp1. Authentication to WebApp1 must use AD FS
pre-authentication.
Which tool should you use to publish WebApp1?
Answer: C
Explanation: References:
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/web-application-proxy/publishing-appli
NEW QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Web1 that runs Windows Server 2021.
You need to list all the SSL certificates on Web1 that will expire during the next 60 days. Solution: You run the following command.
Get-ChildItem Cert:LocalMachineTrust |? { $_.NotAfter –It (Get-Date).AddDays( 60 ) } 
Does this meet the goal?
Answer: A
NEW QUESTION 3
Your network contains an Active Directory forest. The forest contains a domain named contoso.com. The domain contains three domain controllers.
A domain controller named lon-dc1 fails. You are unable to repair lon-dc1.
You need to prevent the other domain controllers from attempting to replicate to lon-dc1.
Solution: From Active Directory Users and Computers, you remove the computer account of lon-dc1. Does this meet the goal?
Answer: A
Explanation: To remove the failed server object from the domain controllers container, access Active Directory Users and Computers, expand the domain controllers container, and delete the computer object associated with the failed domain controller
References: https://www.petri.com/delete_failed_dcs_from_ad
NEW QUESTION 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: You configure Kerberos constrained delegation on the computer account of each domain controller. Does this meet the goal?
Answer: B
NEW QUESTION 5
Your company has multiple branch offices.
The network contains an Active Directory domain named contoso.com.
In one of the branch offices, a new technician is hired to add computers to the domain.
After successfully joining multiple computers to the domain, the technician fails to join anymore computers to the domain.
You need to ensure that the technician can join an unlimited number of computers to the domain. What should you do?
Answer: B
NEW QUESTION 6
You deploy a new certification authority (CA) to a server that runs Windows Server 2021. You need to configure the CA to support recovery of certificates.
What should you do first?
Answer: A
NEW QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. A user named User1 is in an organizational unit (OU) named OU1.
You need to enable User1 to sign in as user1@adatum.com.
You need a list of groups to which User1 is either a direct member or an indirect member.
Solution: From Windows PowerShell, you run Set -Aduser User1 -UserPricncipalName User1@Adatum.com. Does this meet the goal?
Answer: B
NEW QUESTION 8
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1.
You recently restored a backup of the Active Directory database from Server1 to an alternate Location. The restore operation does not interrupt the Active Directory services on Server1.
You need to make the Active Directory data in the backup accessible by using Lightweight Directory Access Protocol (LDAP).
Which tool should you use?
Answer: E
NEW QUESTION 9
Your network contains an Active directory domain named conloso.com. The domain has an enterprise certification authority (CA).
You duplicate the Basic EFS template, and you name the template Template1. You configure the CA to issue Template1.
Users are configured to obtain a new certificate automatically when they sign in to a computer in the domain. You need to enable the users to automatically obtain a certificate based on Template1.
What should you modify?
Answer: A
NEW QUESTION 10
You network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA).
A user named Admin1 is a member of the Domain Admins group.
You need to ensure that you can archive keys on the CA. The solution must use Admin1 as a key recovery agent.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation: 
NEW QUESTION 11
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)
The relevant users and client computer in the domain are configured as shown in the following table.
End of repeated scenario.
You are evaluating what will occur when you block inheritance on OU4.
Which GPO or GPOs will apply to User1 when the user signs in to Computer1 after block inheritance is configured?
Answer: D
NEW QUESTION 12
Your network contains two Active Directory forests named fabrikam.com and contoso.com. Each forest contains two sites. Each site contains two domain controllers.
You need to configure all the domain controllers in both the forests as global catalog servers. Which snap-in should you us?
Answer: B
NEW QUESTION 13
Your network contains an Active Directory domain named contoso.com. You need to create a central store for Group Policy administrative templates. What should you use?
Answer: D
NEW QUESTION 14
Your network contains an Active Directory domain named contoso.com. The domain contains a user named User1 and an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1. You need to ensure that User1 can link GPO1 to OU1. What should you do?
Answer: D
NEW QUESTION 15
Your network contains an Active Directory forest named contoso.com.
You have an Active Directory Federation Services (AD FS) farm. The farm contains a server named Server1 that runs Windows Server 2012 R2.
You add a server named Server2 to the farm. Server2 runs Windows Server 2021. You remove Server1 from the farm.
You need to ensure that you can use role separation to manage the farm. Which cmdlet should you run?
Answer: D
Explanation: AD FS for Windows Server 2021 introduces the ability to have separation between server administrators and AD FS service administrators.
After upgrading our ADFS servers to Windows Server 2021, the last step is to raise the Farm Behavior Level using the Invoke-AdfsFarmBehaviorLevelRaise PowerShell cmdlet.
To upgrade the farm behavior level from Windows Server 2012 R2 to Windows Server 2021 use the Invoke-ADFSFarmBehaviorLevelRaise cmdlet.
References: https://technet.microsoft.com/en-us/library/mt605334(v=ws.11).aspx
NEW QUESTION 16
Your network contains an Active Directory domain named contoso com. The domain contains a web application that uses Kerberos authentication.
You change the domain name of the web application.
You need to ensure that the service principal name (SPN) for the application is registered. Which tool should you use?
Answer: B
Explanation: https://social.technet.microsoft.com/wiki/contents/articles/18996.active-directory-powershell-script-to-list-all-sp
Recommend!! Get the Full 70-742 dumps in VCE and PDF From Surepassexam, Welcome to Download: https://www.surepassexam.com/70-742-exam-dumps.html (New 222 Q&As Version)