Q1. Your network contains an Active Directory forest. The forest contains two domains named litwarenc.com and contoso.com. The contoso.com domain contains two domains controllers named LON-DC01 and LON-DC02. The domain controllers are located in a site named London that is associated to a subnet of 192.168.10.0/24
You discover that LON-DC02 is not a global catalog server. You need to configure LON-DC02 as a global catalog server. What should you do?
A. From Active Directory Sites and Services, modify the properties of the 192.168.10.0/24 IP subnet.
B. From Windows PowerShell, run the Set-NetNatGlobal cmdlet.
C. From Active Directory Sites and Services, modify the NTDS Settings object of LON- DC02.
D. From Windows PowerShell, run the Enable-ADOptionalFeature cmdlet.
Answer: C
Q2. HOTSPOT
Note: This question is part of a series of questions that use the same scenario. For you convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.
Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of User1@litwareinc.com.
End or repeated scenario.
You need to join Computer3 to the contoso.com domain by using offline domain join. Which command should you use in the contoso.com domain and on Computer3? To
answer, select the appropriate options in the answer area.
Answer:
Q3. Your network contains an Active Directory forest named contoso.com.
A partner company has a forest named fabrikam.com. Each forest contains one domain. You need to provide access for a group named Research in fabrikam.com to resources in
contoso.com. The solution must use the principle of least privilege. What should you do?
A. Create an external trust from fabrikam.com to contoso.com. Enable Active Directory split permissions in fabrikam.com.
B. Create an external trust from contoso.com to fabrikam.com. Enable Active Directory split permissions in contoso.com.
C. Create a one-way forest trust from contoso.com to fabrikam.com that uses selective authentication.
D. Create a one-way forest trust from fabrikam.com to contoso.com that uses selective authentication.
Answer: C
Q4. HOTSPOT
You have a server named Server1 that runs Windows Server 2021. Server1 has the Web Application Proxy role service installed.
You are publishing an application named App1 that will use Integrated Windows authentication as shown in the following graphic.
Use the drop-down menus to select the answer area choice that completes each statement based on the information presented in the graphic.
Answer:
Q5. Your network contains an Active Directory forest named contoso.com.
You have an Active Directory Federation Services (AD FS) farm. The farm contains a server named Server1 that runs Windows Server 2012 R2.
You add a server named Server2 to the farm. Server2 runs Windows Server 2021. You remove Server1 from the farm.
You need to ensure that you can use role separation to manage the farm. Which cmdlet should you run?
A. Set-AdfsFarmInformation
B. Update-AdfsRelyingPartyTrust
C. Set-AdfsProperties
D. Invoke-AdfsFarmBehaviorLevelRaise
Answer: A
Q6. HOTSPOT
Your network contains an Active Directory forest. The forest contains one domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. DC1 holds all of the operations master roles.
During normal network operations, you run the following commands on DC2:
Move-ADDirectoryServerOperationMasterRole -Identity “DC2” -OperationMasterRole PDCEmulator
Move- ADDirectoryServerOperationMasterRole –Identity “DC2” -OperationMasterRole RIDMaster DC1 fails.
You remove DC1 from the network, and then you run the following command:
Move-ADDirectoryServerOperationMasterRole –Identity “DC2” -OperationMasterRole SchemaMaster
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Q7. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains 5,000 user accounts.
You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is linked to the Domain Controllers organizational unit (OU).
You need to configure the Documents folder of every user to be stored on a server named FileServer1.
What should you do?
A. From the Computer Configuration node of DCPolicy, modify Security Settings.
B. From the Computer Configuration node of DomainPolicy, modify Security Settings.
C. From the Computer Configuration node of DomainPolicy, modify Administrative Templates.
D. From the User Configuration node of DCPolicy, modify Security Settings.
E. From the User Configuration node of DomainPolicy, modify Folder Redirection.
F. From user Configuration node of DomainPolicy, modify Administrative Templates.
G. From Preferences in the User Configuration node of DomainPolicy, modify Windows Settings.
H. From Preferences in the Computer Configuration node of DomainPolicy, modify Windows Settings.
Answer: E
Q8. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012 R2.
You need to ensure that a domain administrator can recover a deleted Active Directory object quickly.
Which tool should you use?
A. Dsadd quota
B. Dsmod
C. Active Directory Administrative Center
D. Dsacls
E. Dsamain
F. Active Directory Users and Computers
G. Ntdsutil
H. Group Policy Management Console
Answer: C