NEW QUESTION NO: 5
Your network contains an Active Directory forest. The forest functional level is Windows Server 2016.
You have a failover cluster named Cluster1. Cluster1 has two nodes named Server1 and Server2. All the optional features in Active Directory are enabled.
A junior administrator accidentally deletes the computer object named Cluster1.
You discover that Cluster1 is offline.
You need to restore the operation of Cluster1 in the least amount of time possible.
What should you do?
A. Recover a deleted object from the Active Directory Recycle Bin.
B. Perform an authoritative restore by running ntdutil.exe.
C. Run the Enable-ADAccount cmdlet from Windows PowerShell.
D. Perform a tombstone reanimation by running ldp.exe.
Answer: A

NEW QUESTION NO: 6
HOTSPOT
Your network contains an Active Directory forest. The forest contains one domain named contoso.com.
The domain contains two domain controllers named DC1 and DC2. DC1 holds all of the operations master roles.
During normal network operations, you run the following commands on DC2:
Move-ADDirectoryServerOperationMasterRole -Identity "DC2" -OperationMasterRole PDCEmulator Move- ADDirectoryServerOperationMasterRole -Identity "DC2" -OperationMasterRole RIDMaster DC1 fails.
You remove DC1 from the network, and then you run the following command:
Move-ADDirectoryServerOperationMasterRole -Identity "DC2" -OperationMasterRole SchemaMaster For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:

Answer: 


NEW QUESTION NO: 7
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.
The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit. (Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

End of repeated scenario.
You are evaluating what will occur when you block inheritance on OU4.
Which GPO or GPOs will apply to User1 when the user signs in to Computer1 after block inheritance is configured?
A. A1, A5, and A6
B. A3, A1, A5, and A7
C. A3 and A7 only
D. A7 only
Answer: D
Explanation/Reference:
Explanation:

NEW QUESTION NO: 8
HOTSPOT
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
Server1 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed. Server2 has IP Address Management (IPAM) installed.
You create a domain user named User1.
You need to integrate IPAM and VMM. VMM must use the account of User1 to manage IPAM. The solution must use the principle of least privilege.
What should you do on each server? To answer, select the appropriate options in the answer area.
Hot Area:

Answer: 

Explanation/Reference:
References:
https://technet.microsoft.com/en-us/library/dn783349(v=ws.11).aspx

NEW QUESTION NO: 9
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. Server1 is located in the perimeter network.
You install the Active Directory Federation Services server role on Server1. You create an Active Directory Federation Services (AD FS) farm by using a certificate that has a subject name of sts.contoso.com.
You need to enable certificate authentication from the Internet on Server1.
Which two inbound TCP ports should you open on the firewall? Each correct answer presents part of the solution.
A. 389
B. 443
C. 3389
D. 8531
E. 49443
Answer: B,E
Explanation/Reference:
Explanation:

NEW QUESTION NO: 10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. The computer account for Server1 is in organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
You need to add a domain user named User1 to the local Administrators group on Server1.
Solution: From the Computer Configuration node of GPO1, you configure the Local Users and Groups preference.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation/Reference:
Explanation:

NEW QUESTION NO: 11
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2.
You need to secure several high-privilege user accounts to meet the following requirements:
Prevent authentication by using NTLM.

Use Kerberos to verify authentication request to any resources.

Prevent the users from signing in to a client computer if the computer is disconnected from the domain.

What should you do?
A. Create a universal security group for the user accounts and modify the Security settings of the group.
B. Add the users to the Windows Authorization Access Group group.
C. Add the user to the Protected Users group.
D. Create a separate organizational unit (OU) for the user accounts and modify the Security settings of the OU.
Answer: C
Explanation/Reference:
Explanation:

NEW QUESTION NO: 12
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1.
You recently restored a backup of the Active Directory database from Server1 to an alternate Location.
The restore operation does not interrupt the Active Directory services on Server1.
You need to make the Active Directory data in the backup accessible by using Lightweight Directory Access Protocol (LDAP).
Which tool should you use?
A. Dsadd quota
B. Dsmod
C. Active Directory Administrative Center
D. Dsacls
E. Dsamain
F. Active Directory Users and Computers
G. Ntdsutil
H. Group Policy Management Console
Answer: E
Explanation/Reference:
Explanation:
References:
https://blogs.technet.microsoft.com/poshchap/2015/03/06/use-powershell-and-dsamain-exe-to-mount-a- backup-of-ntds-dit/

NEW QUESTION NO: 13
DRAG DROP
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
You install IP Address Management (IPAM) on Server1.
You need to manually start discovery of servers that IPAM can manage in contoso.com.
Which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Select and Place:

Answer: 

Explanation/Reference:
Explanation:
Step 1: Invoke-IpamServerProvisioning
Choose a provisioning method
The Invoke-IpamGpoProvisioning cmdlet creates and links three group policies specified in the Domain parameter for provisioningrequired access settingson the server roles managed by the computer running the IP Address Management (IPAM) server.
Step 2: Add-IpamDiscoveryDomain
Configure the scope of discovery
The Add-IpamDiscoveryDomain cmdlet adds an Active Directory discovery domain for an IP AddressManagement (IPAM) server. A discovery domain is a domain that IPAM searches to find infrastructure servers. An IPAM server uses the list of discovery domains to determine what type of servers to add. By default, IPAM discovers all domain controllers, Dynamic Host Configuration Protocol (DHCP) servers, and Domain Name System (DNS) servers.
Step 3: Start-ScheduledTask
Start server discovery
To begin discovering servers on the network, click Start server discovery to launch the IPAM ServerDiscovery task or use the Start-ScheduledTask command.

NEW QUESTION NO: 14
Your network contains an Active Directory domain named contoso.com.
Domain users use smart cards to sign in to their client computer.
Some users report that it takes a long time to sign in to their computer and that the logon attempt times out, so they must restart the sign in process.
You discover that the issues to checking the certificate revocation list (CRL) of the smart card certificates.
You need to resolve the issue without diminishing the security of the smart card logons.
What should you do?
A. From the properties of the smart card's certificate template, modify the Issuance Requirements settings.
B. Deactivate certificate revocation checks on the computers.
C. Implement an Online Certification Status Protocol (OCSP) responder.
D. From the properties of the smart card's certificate template, modify the Request Handling settings.
Answer: C

NEW QUESTION NO: 15
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. IPAM is configured to use the Group Policy based provisioning method.
The prefix for the IPAM Group Policy objects (GPOs) is IP.
From Group Policy Management, you manually rename the IPAM GPOs to have a prefix of IPAM.
You need to modify the GPO prefix used by IPAM.
What should you do?
A. Click Configure server discovery in Server Manager.
B. Run the Set-IpamConfiguration cmdlet.
C. Run the Invoke-IpamGpoProvisioning cmdlet.
D. Click Provision the IPAM server in Server Manager.
Answer: B
Explanation/Reference:
Explanation:
The Set-IpamConfiguration cmdlet modifies the configuration for the computer that runs the IPAM server.
The -GpoPrefix<String> parameter specifies the unique Group Policy object (GPO) prefix name that IPAM uses to create the group policy objects. Use this parameter only when the value of the ProvisioningMethod parameter is set to Automatic.
References: https://technet.microsoft.com/en-us/library/jj590816.aspx